# Cryptography And Encryption Essay Paper

**Cryptography And Encryption Essay Paper**

Cryptography is the discipline of cryptography and cryptanalysis and of their interaction. The word “cryptography” is derived from the Greek words “Kryptos” means concealed, and “graphien” means to inscribe. It is the science of keeping secrets secret. One objective of cryptography is protecting a secret from adversaries. Professional cryptography protects not only the plain text, but also the key and more generally tries to protect the whole cryptosystem. Cryptographic primitives can be classified into two classes: keyed primitives and non-keyed primitives as in the figure. The fundamental and classical task of cryptography is to provide confidentiality by encryption methods. Encryption (also called enciphering) is the process of scrambling the contents of a message or file to make it unintelligible to anyone not in possession of key “key” required to unscramble the file or message. Providing confidentiality is not the only objective of cryptography. Cryptography is also used to provide solutions for other problems: Data integrity, Authentication, Non-repudiation.Cryptography And Encryption Essay Paper

Encryption methods can be divided into two categories: substitution ciphers and transposition ciphers. In a substitution cipher the letters of plaintext are replaced by other letters or by symbols or numbers. Replacing plaintext bit pattern with cipher text bit patterns is involved in substitution when plaintext is viewed as a sequence of bits. Substitution ciphers preserve the order of plaintext symbols but disguise them. Transposition ciphers, do not disguise the letters, instead they reorder them. This is achieved by performing some sort of permutation on the plaintext letters. There are two type of encryption :symmetric(private/secert) encryption key and asymmetric(public) key encryption.

**BUY A PLAGIARISM-FREE PAPER HERE**

Conventional encryption model

A conventional encryption model can be illustrated as assigning Xp to represent the plaintext message to be transmitted by the originator. The parties involved select an encryption algorithm represented by E. the parties agree upon the secret key represented by K. the secret key is distributed in a secure manner represented by SC. Conventional encryption’s effectiveness rests on keeping the secret. Keeping the key secret rests in a large on key distribution methods. When E process Xp and K, Xc is derived. Xc represents the cipher text output, which will be decrypted by the recipient. Upon receipt of Xc, the recipient uses a decryption algorithm represented by D to process Xc and K back to Xp. This is represented in the figure. In conventional encryption, secrecy of the encryption and decryption algorithm is not needed. In fact, the use of an established well known and tested algorithm is desirable over an obscure implementation. This brings us to the topic of key distribution.Cryptography And Encryption Essay Paper

Cryptanalysis

Code making involves the creation of encryption products that provide protection of confidentiality. Defeating this protection by some men’s other than the standard decryption process used by an intended recipient is involved in code breaking. Five scenarios for which code breaking is used. They are selling cracking product and services, spying on opponents, ensure accessibility, pursuing the intellectual aspects of code breaking and testing whether one’s codes are strong enough. Cryptanalysis is the process of attempting to identify either the plaintext Xp or the key K. discovery of the encryption is the most desired one as with its discovery all the subsequent messages can be deciphered. Therefore, the length of encryption key, and the volume of the computational work necessary provides for its length i.e. resistance to breakage. The protection get stronger when key size increases but this requires more brute force. Neither encryption scheme conventional encryption nor public key encryption is more resistant to cryptanalysis than the other.

Cryptographic goals

However, there are other natural cryptographic problems to be solved and they can be equally if not important depending on who is attacking you and what you are trying to secure against attackers. Privacy, authentication, integrity and non-repudiation are the cryptographic goals covered in this text.

These three concepts form what is often referred to as the CIA triad? The three notations represents the basic security objectives for both data and for information and computing services. FIPS PUB 199 provides a useful characterization of these objectives in terms of requirements and the definition of a loss of security in each category:

Confidentiality: Preserving authorized restrictions on information access and disclosure, together with means for shielding personal secrecy and copyrighted material. A damage of privacy is the illegal disclosure of information.

Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification of information.

Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to an information system.

Although the use of the CIA tried to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are:

Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

Generally there are two types key present Cryptography And Encryption Essay Paper

1 Symmetric-key

2 Asymmetric-key

Symmetric key encryption

The universal technique for providing confidentiality for transmitted data is symmetric encryption. Symmetric encryption is also known as conventional encryption or single-key encryption was the only type of encryption in use prior to the introduction of public-key encryption. Countless individuals and groups, from Julius Caesar to the German U-boat force to present-day diplomatic, military and commercial users, use symmetric encryption for secret communication. It remains by far the more widely used of the types of encryption. A symmetric encryption scheme has five ingredients as follows-

Plaintext: This is the original data or message that is fed into the algorithm as input.

Encryption algorithm: the encryption algorithm performs various transformations and substitutions on the plaintext.

Secret key: The secret key is input to the encryption algorithm. The exact transformations and substitutions performed by the algorithm depend on the key.

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.

Decryption algorithm: This is reserve process of encryption algorithm. It takes the ciphertext and secret key and produces the original plaintext.

Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it. The pre-fix “crypt” means “hidden” or “vault” and the suffix “graphy” stands for “writing.”

Cryptography, which translates as “secret writing,” refers to the science of concealing the meaning of data so only specified parties understand a transmission’s contents. Cryptography has existed for thousands of years; for most of history, however, the users of cryptography were associated with a government or organized group and were working to conceal secret messages from enemies. These days, millions upon millions of secure, encoded transmissions happen online each day — and cryptographic standards are used to protect banking data, health information, and much more. Without cryptography, e-commerce as we know it would be impossible. Since online security threats evolve so quickly, there are dozens of different schools of thought on how best to use encryption to enhance network security — not just for governments, but for businesses and end users, too.Cryptography And Encryption Essay Paper

Classical Encryption Techniques

Classical Encryption Techniques Explained at Purdue University (PDF): These lecture notes describe historical encryption methods and how they are used today.

Analysis and Elements of Various Classical Encryption Techniques (PDF): This presentation provides detailed historical information on various forms of encryption.

Introduction to Classical Cryptography by Noted Textbook Author: This overview includes information on how classical cryptography techniques relate to the modern day.

Integration of Classical and Modern Encryption Techniques (PDF): This research report seeks to discover and discuss effective ways to integrate classical and new encryption.

Finite Fields

Basic Introduction to Cryptographic Finite Fields: This detailed inquiry discusses both finite fields and alternative ways of implementing the same forms of cryptography.

Storing Cryptographic Data in the Galois Field (PDF): This report discusses the Galois Field, an important evolution on the concept of cryptographic finite fields.

Comparing Finite Fields to Elliptic Curve Encryption (PDF): This essay focuses on how elliptic curve encryption could be used to build on and enhance finite fields.

Finite Field Arithmetic for Cryptography (PDF): This essay describes advanced methods of using finite field arithmetic to develop algorithms for cryptographic purposes.

Advanced Encryption Standard

Overview and Presentation on the History of AES (PDF): This series of presentation slides serves as an introduction to the very powerful AES encryption standard.

Detailed Technical Review of the Advanced Encryption Standard: This page provides a historical background of AES and summary of how the different components work.

Research Report Reviewing AES and Different Implementations (PDF): This illustrated guide demonstrates one conventional method of implementing AES in programming.

Technical Guide to Intel’s Implementation of AES (PDF): This official Intel white paper discusses how AES is implemented within modern Intel technology.

Confidentiality Using Symmetric Encryption

Symmetric Versus Asymmetric Encryption Discussed (PDF): This set of lecture notes discusses the pros and cons of “secret key” versus “public key” encryption.

Detailed Discussion of Symmetric Encryption and RSA Algorithms (PDF): This technical review of symmetric encryption implementation discusses algorithms in detail.

Number Theory and Hash Algorithms

Hash Functions in Cryptography (PDF): These detailed, illustrated notes meant for college students introduce hash algorithms and their function in data security.

Number Theory and Cryptography at Cornell (PDF): This set of notes and problems introduces advanced number theory concepts and tests comprehension.

Applied Number Theory in Cryptography (PDF): This introduction to number theory goes into great depth about its many applications in the cryptographic world.

Report on Hash Function Theory, Attacks, and Applications (PDF): This research report examines and compares cryptographic hash functions like MD5 and SHA-1.

Hash Functions and Cryptography in Business: This article specifically discusses the importance and applications of hash functions in the business world.Cryptography And Encryption Essay Paper

Digital Signatures

Verifiable Encryption of Digital Signatures (PDF): This scholarly essay reports on the current methods of digital signature verification and offers one new potential alternative.

Overview of Digital Signatures: This page includes a straightforward introduction to digital signatures, their usage, and the various aspects of making them work.

Discussion of Digital Signature Implementation and Issues (PDF): These notes approach the problems of digital signatures in terms of replicating the authenticity of “real” ones.

Overview of Public Key Encryption: This discussion of public key encryption and the RSA algorithm draws from classic digital signature literature and theories.

Basics of Understanding Digital Signatures: This overview from the U.S. federal government’s “US-CERT” security team provides accessible information for consumers.

Future Applications of Quantum Digital Signatures (PDF): This essay is an interpretation of how advanced digital signatures can be implemented with current technology.

Authentication Applications

Authentication Applications: Kerberos and Public Key Infrastructure (PDF): This report discusses two of the most powerful authentication applications and how they can be implemented to enhance security.

Information on Kerberos Protocol from MIT: This detailed overview of the Kerberos protocol provides information on its various releases and how to implement it.

The Official Kerberos Consortium: This is the official “watchdog” organization that develops and publishes standards for the authentication application named Kerberos.

Public Key Infrastructure Defined and Described at PC Magazine: This is an overview of Public Key Infrastructure (PKI) and how it is used to secure information.

Public Key Infrastructure Approaches to Security: This documentation from Oracle discusses the elements of PKI and how they can be used in different technical scenarios.

Auditing and Certification of a Public Key Infrastructure: This report defines the structure and process of using PKI and delves into some of its historical issues.

Electronic Mail Security

The OpenPGP Alliance for Electronic Mail Encryption: This is the site of a nonprofit organization that maintains OpenPGP, a popular email encryption standard.

Berkeley Lab Recommendations on Implementing Electronic Mail Security: These recommendations from the Lawrence Berkeley National Laboratory can be adapted for use by consumers and enterprises by using the cryptographic resources suggested.

GnuPG Nonprofit Privacy Application for Linux-Based Systems: Based on the PGP concept, GnuPG is a nonprofit method of implementing email encryption in Linux-based systems.

Basic Primer on Email Security for Consumers from CNBC: This report from news network CNBC discusses the issues around email encryption and security as they relate to consumers in a world of ever-increasing electronic spying.

IP Security and Web Security

IP Security and Encryption Overview from Cisco Systems: This detailed information on the IPSec protocol and related security matters comes from Cisco, one of the top brands in hardware and software for online security.

HTTP vs. HTTPS Comparison: This page is an introduction to “secure” HTTP connections (HTTPS) and how they differ from basic HTTP connections.

What is SSL and What Are Certificates?: This page expands further on the concept of SSL and how “security certificates” work to authenticate the transfer of sensitive data.

Summary Overview of SSL and How Related Protocols Work Together (PDF): This illustrated guide goes a step further by describing how SSL interacts with other protocols.Cryptography And Encryption Essay Paper

Firewalls

What is a Firewall and What Types of Firewalls Are There?: This introduction serves to define and compare the different kinds of firewalls and how they operate.

Basic Concepts for Managing a Firewall: Aimed at network administrators, this guide digs deep into the fundamental concepts to master in order to make a firewall effective.

How Firewalls Work and How to Use Them: This introduction summarizes the basics of firewalls, some specialized types, and how a firewall “rule” should be designed.

Basic Firewall Information and Use for Consumers: This overview from the nonprofit “Get Safe Online” helps consumers understand fundamental firewall concepts and use.

In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation and digital signing and verification to protect data privacy, web browsing on the internet and confidential communications such as credit card transactions and email.

Cryptography techniques

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today’s computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers.

Modern cryptography concerns itself with the following four objectives:

Confidentiality: the information cannot be understood by anyone for whom it was unintended

Integrity: the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected

Non-repudiation: the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information

Authentication: the sender and receiver can confirm each other’s identity and the origin/destination of the information

Procedures and protocols that meet some or all of the above criteria are known as cryptosystems. Cryptosystems are often thought to refer only to mathematical procedures and computer programs; however, they also include the regulation of human behavior, such as choosing hard-to-guess passwords, logging off unused systems, and not discussing sensitive procedures with outsiders.

Cryptography process

Cryptographic algorithms

Cryptosystems use a set of procedures known as cryptographic algorithms, or ciphers, to encrypt and decrypt messages to secure communications among computer systems, devices such as smartphones, and applications. A cipher suite uses one algorithm for encryption, another algorithm for message authentication and another for key exchange. This process, embedded in protocols and written in software that runs on operating systems and networked computer systems, involves public and private key generation for data encryption/decryption, digital signing and verification for message authentication, and key exchange.

Types of cryptography

Single-key or symmetric-key encryption algorithms create a fixed length of bits known as a block cipher with a secret key that the creator/sender uses to encipher data (encryption) and the receiver uses to decipher it. Types of symmetric-key cryptography include the Advanced Encryption Standard (AES), a specification established in November 2001 by the National Institute of Standards and Technology as a Federal Information Processing Standard (FIPS 197), to protect sensitive information. The standard is mandated by the U.S. government and widely used in the private sector.Cryptography And Encryption Essay Paper

In June 2003, AES was approved by the U.S. government for classified information. It is a royalty-free specification implemented in software and hardware worldwide. AES is the successor to the Data Encryption Standard (DES) and DES3. It uses longer key lengths (128-bit, 192-bit, 256-bit) to prevent brute force and other attacks.

Public-key or asymmetric-key encryption algorithms use a pair of keys, a public key associated with the creator/sender for encrypting messages and a private key that only the originator knows (unless it is exposed or they decide to share it) for decrypting that information. The types of public-key cryptography include RSA, used widely on the internet; Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin; Digital Signature Algorithm (DSA) adopted as a Federal Information Processing Standard for digital signatures by NIST in FIPS 186-4; and Diffie-Hellman key exchange.

To maintain data integrity in cryptography, hash functions, which return a deterministic output from an input value, are used to map data to a fixed data size. Types of cryptographic hash functions include SHA-1 (Secure Hash Algorithm 1), SHA-2 and SHA-3.

History of cryptography

The word “cryptography” is derived from the Greek kryptos, meaning hidden. The origin of cryptography is usually dated from about 2000 B.C., with the Egyptian practice of hieroglyphics. These consisted of complex pictograms, the full meaning of which was only known to an elite few. The first known use of a modern cipher was by Julius Caesar (100 B.C. to 44 B.C.), who did not trust his messengers when communicating with his governors and officers. For this reason, he created a system in which each character in his messages was replaced by a character three positions ahead of it in the Roman alphabet.

In recent times, cryptography has turned into a battleground of some of the world’s best mathematicians and computer scientists. The ability to securely store and transfer sensitive information has proved a critical factor in success in war and business.

Because governments do not wish certain entities in and out of their countries to have access to ways to receive and send hidden information that may be a threat to national interests, cryptography has been subject to various restrictions in many countries, ranging from limitations of the usage and export of software to the public dissemination of mathematical concepts that could be used to develop cryptosystems. However, the internet has allowed the spread of powerful programs and, more importantly, the underlying techniques of cryptography, so that today many of the most advanced cryptosystems and ideas are now in the public domain.

Cryptography concerns

Attackers can circumvent cryptography, hack into computers that are responsible for data encryption and decryption, and exploit weak implementations, such as the use of default keys. However, cryptography makes it harder for attackers to access messages and data protected by encryption algorithms.

Cryptography is an interesting field in the world of computer security. This has been boosted by the increase in computer attacks emanating from the Internet. With large and confidential data being transferred over the Internet, its security must be addressed. It is because of this that encryption techniques are continually evolving. With computer hackers being IT experts who are hungry to get at personal data on the Internet, IT security experts have also made sure that they come up with products to combat and stay ahead of the hackers.

With the availability of good network infrastructure, many people are turning to the Internet to send and store their information. What is more, with the development and the emergence of cloud computing, it is imperative that both individuals and organizations are responsible for the safety and privacy of the data being transferred.

E-mail messages have been one of the main targets for attackers on the Internet. Email usage has increased over many years and phishing attacks have become more frequent and more targeted resulting in dramatic increases in computer fraud. All of these developments require that good security measures be implemented. Cryptography has therefore been given a greater emphasis in the computer security world. Web 2.0 applications which have been aggressively rolled out have created a rise in complicated and secure cryptographic techniques which are hard to crack. Cryptography And Encryption Essay Paper

2.2 Definition

Cryptography is the concept and process of hiding information. The process of converting the data into a disguised form so that it is hard to understand is called encryption.

There are two necessities for protected use of symmetric encryption:

We need a strong encryption algorithm.

Sender and receiver must have secured obtained, & keep secure, the secret key.

Stream Ciphers

The stream ciphers encrypt data by generating a key stream from the key and performing the encryption operation on the key stream with the plaintext data. The key stream can be any size that matches the size of the plaintext stream to be encrypted. The ith key stream digit only depends on the secret key and on the (i-1) previous plaintext digits. Then, the ith ciphertext digit is obtained by combining the ith plaintext digit with the ith key stream digit. One desirable property of a stream cipher is that the ciphertext be of the same length as the plaintext. Thus, a ciphertext output of 8 bits should be produced by encrypting each character, if 8-bit characters are being transmitted. Transmission capacity is wasted, if more than 8 bits are produced. However, stream ciphers are vulnerable to attack if the same key is used twice or more.

From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital.

But the cryptography now on the market doesn’t provide the level of security it advertises. Most systems are not designed and implemented in concert with cryptographers, but by engineers who thought of cryptography as just another component. It’s not. You can’t make systems secure by tacking on cryptography as an afterthought. You have to know what you are doing every step of the way, from conception through installation.

Billions of dollars are spent on computer security, and most of it is wasted on insecure products. After all, weak cryptography looks the same on the shelf as strong cryptography. Two e-mail encryption products may have almost the same user interface, yet one is secure while the other permits eavesdropping. A comparison chart may suggest that two programs have similar features, although one has gaping security holes that the other doesn’t. An experienced cryptographer can tell the difference. So can a thief.

Present-day computer security is a house of cards; it may stand for now, but it can’t last. Many insecure products have not yet been broken because they are still in their infancy. But when these products are widely used, they will become tempting targets for criminals. The press will publicize the attacks, undermining public confidence in these systems. Ultimately, products will win or lose in the marketplace depending on the strength of their security.

Threats to computer systems

Every form of commerce ever invented has been subject to fraud, from rigged scales in a farmers’ market to counterfeit currency to phony invoices. Electronic commerce schemes will also face fraud, through forgery, misrepresentation, denial of service, and cheating. In fact, computerization makes the risks even greater, by allowing attacks that are impossible against non-automated systems. A thief can make a living skimming a penny from every Visa cardholder. You can’t walk the streets wearing a mask of someone else’s face, but in the digital world it is easy to impersonate others. Only strong cryptography can protect against these attacks.Cryptography And Encryption Essay Paper

Privacy violations are another threat. Some attacks on privacy are targeted: a member of the press tries to read a public figure’s e-mail, or a company tries to intercept a competitor’s communications. Others are broad data-harvesting attacks, searching a sea of data for interesting information: a list of rich widows, AZT users, or people who view a particular Web page.

Criminal attacks are often opportunistic, and often all a system has to be is more secure than the next system. But there are other threats. Some attackers are motivated by publicity; they usually have significant resources via their research institution or corporation and large amounts of time, but few financial resources. Lawyers sometimes need a system attacked, in order to prove their client’s innocence. Lawyers can collect details on the system through the discovery process, and then use considerable financial resources to hire experts and buy equipment. And they don’t have to defeat the security of a system completely, just enough to convince a jury that the security is flawed.

Electronic vandalism is an increasingly serious problem. Computer vandals have already graffitied the CIA’s web page, mail-bombed Internet providers, and canceled thousands of newsgroup messages. And of course, vandals and thieves routinely break into networked computer systems. When security safeguards aren’t adequate, trespassers run little risk of getting caught.

Attackers don’t follow rules; they cheat. They can attack a system using techniques the designers never thought of. Art thieves have burgled homes by cutting through the walls with a chain saw. Home security systems, no matter how expensive and sophisticated, won’t stand a chance against this attack. Computer thieves come through the walls too. They steal technical data, bribe insiders, modify software, and collude. They take advantage of technologies newer than the system, and even invent new mathematics to attack the system with.

The odds favor the attacker. Bad guys have more to gain by examining a system than good guys. Defenders have to protect against every possible vulnerability, but an attacker only has to find one security flaw to compromise the whole system.Cryptography And Encryption Essay Paper

What cryptography can and can’t do

No one can guarantee 100% security. But we can work toward 100% risk acceptance. Fraud exists in current commerce systems: cash can be counterfeited, checks altered, credit card numbers stolen. Yet these systems are still successful because the benefits and conveniences outweigh the losses. Privacy systems–wall safes, door locks, curtains–are not perfect, but they’re often good enough. A good cryptographic system strikes a balance between what is possible and what is acceptable.

Strong cryptography can withstand targeted attacks up to a point–the point at which it becomes easier to get the information some other way. A computer encryption program, no matter how good, will not prevent an attacker from going through someone’s garbage. But it can prevent data-harvesting attacks absolutely; no attacker can go through enough trash to find every AZT user in the country. And it can protect communications against non-invasive attacks: it’s one thing to tap a phone line from the safety of the telephone central office, but quite another to break into someone’s house to install a bug.

The good news about cryptography is that we already have the algorithms and protocols we need to secure our systems. The bad news is that that was the easy part; implementing the protocols successfully requires considerable expertise. The areas of security that interact with people–key management, human/computer interface security, access control–often defy analysis. And the disciplines of public-key infrastructure, software security, computer security, network security, and tamper-resistant hardware design are very poorly understood.

Companies often get the easy part wrong, and implement insecure algorithms and protocols. But even so, practical cryptography is rarely broken through the mathematics; other parts of systems are much easier to break. The best protocol ever invented can fall to an easy attack if no one pays attention to the more complex and subtle implementation issues. Netscape’s security fell to a bug in the random-number generator. Flaws can be anywhere: the threat model, the system design, the software or hardware implementation, the system management. Security is a chain, and a single weak link can break the entire system. Fatal bugs may be far removed from the security portion of the software; a design decision that has nothing to do with security can nonetheless create a security flaw.

Once you find a security flaw, you can fix it. But finding the flaws in a product can be incredibly difficult. Security is different from any other design requirement, because functionality does not equal quality. If a word processor prints successfully, you know that the print function works. Security is different; just because a safe recognizes the correct combination does not mean that its contents are secure from a safecracker. No amount of general beta testing will reveal a security flaw, and there’s no test possible that can prove the absence of flaws.Cryptography And Encryption Essay Paper

Threat models

A good design starts with a threat model: what the system is designed to protect, from whom, and for how long. The threat model must take the entire system into account–not just the data to be protected, but the people who will use the system and how they will use it. What motivates the attackers? Must attacks be prevented, or can they just be detected? If the worst happens and one of the fundamental security assumptions of a system is broken, what kind of disaster recovery is possible? The answers to these questions can’t be standardized; they’re different for every system. Too often, designers don’t take the time to build accurate threat models or analyze the real risks.

Threat models allow both product designers and consumers to determine what security measures they need. Does it makes sense to encrypt your hard drive if you don’t put your files in a safe? How can someone inside the company defraud the commerce system? Are the audit logs good enough to convince a court of law? You can’t design a secure system unless you understand what it has to be secure against.

System design

Design work is the mainstay of the science of cryptography, and it is very specialized. Cryptography blends several areas of mathematics: number theory, complexity theory, information theory, probability theory, abstract algebra, and formal analysis, among others. Few can do the science properly, and a little knowledge is a dangerous thing: inexperienced cryptographers almost always design flawed systems. Good cryptographers know that nothing substitutes for extensive peer review and years of analysis. Quality systems use published and well-understood algorithms and protocols; using unpublished or unproven elements in a design is risky at best.

Cryptographic system design is also an art. A designer must strike a balance between security and accessibility, anonymity and accountability, privacy and availability. Science alone cannot prove security; only experience, and the intuition born of experience, can help the cryptographer design secure systems and find flaws in existing designs.

Implementation

There is an enormous difference between a mathematical algorithm and its concrete implementation in hardware or software. Cryptographic system designs are fragile. Just because a protocol is logically secure doesn’t mean it will stay secure when a designer starts defining message structures and passing bits around. Close isn’t close enough; these systems must be implemented exactly, perfectly, or they will fail. A poorly designed user interface can make a hard-drive encryption program completely insecure. A false reliance on tamper-resistant hardware can render an electronic commerce system all but useless. Since these mistakes aren’t apparent in testing, they end up in finished products. Many flaws in implementation cannot be studied in the scientific literature because they are not technically interesting. That’s why they crop up in product after product. Under pressure from budgets and deadlines, implementers use bad random-number generators, don’t check properly for error conditions, and leave secret information in swap files. The only way to learn how to prevent these flaws is to make and break systems, again and again.

Cryptography for people

In the end, many security systems are broken by the people who use them. Most fraud against commerce systems is perpetrated by insiders. Honest users cause problems because they usually don’t care about security. They want simplicity, convenience, and compatibility with existing (insecure) systems. They choose bad passwords, write them down, give friends and relatives their private keys, leave computers logged in, and so on. It’s hard to sell door locks to people who don’t want to be bothered with keys. A well-designed system must take people into account.Cryptography And Encryption Essay Paper

Often the hardest part of cryptography is getting people to use it. It’s hard to convince consumers that their financial privacy is important when they are willing to leave a detailed purchase record in exchange for one thousandth of a free trip to Hawaii. It’s hard to build a system that provides strong authentication on top of systems that can be penetrated by knowing someone’s mother’s maiden name. Security is routinely bypassed by store clerks, senior executives, and anyone else who just needs to get the job done. Only when cryptography is designed with careful consideration of users’ needs, and then smoothly integrated, can it protect their systems, resources, and data.

The state of security

Right now, users have no good way of comparing secure systems. Computer magazines compare security products by listing their features, not by evaluating their security. Marketing literature makes claims that are just not true; a competing product that is more secure and more expensive will only fare worse in the market. People rely on the government to look out for their safety and security in areas where they lack the knowledge to make evaluations–food packaging, aviation, medicine. But for cryptography, the U.S. government is doing just the opposite.

When an airplane crashes, there are inquiries, analyses, and reports. Information is widely disseminated, and everyone learns from the failure. You can read a complete record of airline accidents from the beginning of commercial aviation. When a bank’s electronic commerce system is breached and defrauded, it’s usually covered up. If it does make the newspapers, details are omitted. No one analyzes the attack; no one learns from the mistake. The bank tries to patch things in secret, hoping that the public won’t lose confidence in a system that deserves no confidence. In the long run, secrecy paves the way for more serious breaches.

Laws are no substitute for engineering. The U.S. cellular phone industry has lobbied for protective laws, instead of spending the money to fix what should have been designed correctly the first time. It’s no longer good enough to install security patches in response to attacks. Computer systems move too quickly; a security flaw can be described on the Internet and exploited by thousands. Today’s systems must anticipate future attacks. Any comprehensive system–whether for authenticated communications, secure data storage, or electronic commerce–is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won’t be time to upgrade them in the field.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.

In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.Cryptography And Encryption Essay Paper

Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other personal information that should be considered private. Organizations and individuals also commonly use encryption to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.

How encryption works

Unencrypted data, often referred to as plaintext, is encrypted using an encryption algorithm and an encryption key. This process generates ciphertext that can only be viewed in its original form if decrypted with the correct key. Decryption is simply the inverse of encryption, following the same steps but reversing the order in which the keys are applied. Today’s most widely used encryption algorithms fall into two categories: symmetric and asymmetric.

Block Ciphers

A block ciphers fragments the message into blocks of a predetermined size and performs the encryption function on each block with the key stream generated by cipher algorithm. Size of each block should be fixed, and leftover message fragments are padded to the appropriate block size. Block ciphers differ from stream ciphers in that they encrypted and decrypted information in fixed size blocks rather than encrypting and decrypting each letters or word individually. A block ciphers passes a block of data or plaintext through its algorithm to generate a block of ciphertext.

Asymmetric Key Cryptosystems

In Asymmetric Key Cryptosystems two different keys are used: a secret key and a public key. The secret key is kept undisclosed by the proprietor and public key is openly known. The system is called “asymmetric” since the different keys are used for encryption and decryption, the public key and private key.

If data is encrypted with a public key, it can be decrypted only by using the corresponding private key. Public Key Encryption shown in fig.Cryptography And Encryption Essay Paper

Classical encryption techniques

The technique enables us to illustrate the basic approaches to conventional encryption today. The two basic components of classical ciphers are transposition and substitution. Combination of both substitution and transposition is described in others systems.

Substitution techniques

In this technique letters of plaintext message are placed by symbols and numbers. If plaintext is in the form of a sequences of bits, then substituting plaintext bit patterns with ciphertext bit patterns.

Transposition techniques

Transposition instantly moves the position around within it but does not alter any of the bits in the plaintext. If the resultant ciphertext is then put through more transpositions, the end result has increasing security.

Cryptography was used only for military and diplomatic communication until the development of public key cryptography. Secrecy is one of most important requirement for any communication and it becomes more important when the content of communication is for military and diplomatic purpose.

Hieroglyphs used by Egyptians are earliest known example of cryptography in 1900 BC. These hieroglyphics were used to write the stories of the life of kings and describe the great acts of his life. Around 500 BC Hebrew scholars used mono alphabetic substitution cipher such as “Atbash cipher”. Around 400 BC the Spartans also developed a “Scytale cipher” that used ribbons of parchment for writing any secret message after wrapping it around a cylindrical rod named as Scytale. In second century BC Greek historian Polybius invented “Polybius Square” a type of substitution ciphers. Around 1st century BC the Roman emperor Julius Ceaser used the substitution cipher named after him as “Ceaser Cipher”. The Caesar Cipher is a Monoalphabetic type Cipher.

Around 9th century AD the Arab Mathematician AbÅ« YÅ«suf YaÊ»qÅ«b ibn Isá¸¥Äq al-KindÄ« popularly known as “Al-Kindi” published the first text book on cryptnalysis of ciphers named “Risalah fi Istikhraj al-Mu’amma (On Deciphering Cryptographic Messages)”. This book can be stated as the pioneer of the medieval cryptography. In this book Al-Kindi described the frequency analysis technique for deciphering substitution ciphers and some polyalphabetic substitution ciphers. The relative frequency of symbols is used in Frequency analysis to decode the message. Al-Kindi used this technique on “Qur’an” to understand the meaning for religious purpose.

The field of cryptography had not made any significant development until 15th century when the Italian mathematician Leon Battista Alberti known as “The Father of Western Cryptology,” developed the concept of polyalphabetic substitution. Although he had not made any practical cipher but by using this concept a practical Poly-Alphabetic substitution cryptographic system was developed by French cryptographer BLAISE DE VIGENERE, which was named after him and called as VIGENERE SQUARE. For a long time this cipher was believed to be secure but around 1854, CHARLES BABBAGE, an English mathematician and engineer, better known as father of Computer Science for his development work of difference engine that become the first mechanical computer, successfully cracked the Vigenere Square Cipher by using the method of statistical analysis.

Cryptography was widely used in World War I and II. The most famous incident of World War I is of German foreign Minister Zimmerman Telegram that changed the whole World War I and involved the America in world war which was neutral till that date and Germany was finally defeated.Cryptography And Encryption Essay Paper

Unlike the past cryptographic algorithms in which the main concentration was on hiding the algorithm or technique the modern ciphers needed the technique or algorithm which can be widely used and whose security should not be compromised if the algorithm is known.

To encrypt and decrypt the information, a key is used in modern cryptographic algorithms which convert the message and data in such format which are senseless to the receiver through encryption and then return them to the original form through decryption process.

Claude E. Shannon, father of modern cryptography has contributed his work to cryptography in the form of “A mathematical theory of cryptography” and “A Communications Theory of Secrecy Systems” which are considered as the foundation of modern cryptography.

In seventies the field of cryptography has witnessed two major developments. First was the development of Data Encryption Standard (DES) by IBM, which was accepted as standard after some modification by the NSA in 1977 and it was later replaced by the Advanced Encryption Standard (AES) in 2001. The second development which is more important and that changed the whole working process and use of cryptography is the development of Public Key Cryptography. It was started with the publication of the paper titled “New Directions in Cryptography”, by Whitfield Diffie and Martin Hellman and similar development made by Ron Rivest, Adi Shamir and Leonard Adleman, who were the first to publicly describe the algorithm in 1977 and it was named after them as RSA algorithm.

An Introduction to Cryptology:

The word cryptology is a combination of two greek words, “kryptos”, which means hidden and “logos” means “study”. Cryptology is as old as writing itself and it has been primarily for thousands of years it had been used for securing military and diplomatic communications.

The field of Cryptology can be further classified into two main fields, namely: Cryptography and Cryptanalysis. On the one hand the cryptographers try to develop a system or algorithm that will be safe and secure for communication while on the other hand the cryptanalysts seek weaknesses in the developed system and try to breach the security of the system. The two works can be considered against each other but the work of cryptanalysts cannot be always negative and they can work for the betterment of the developed system by trying to find out the weaknesses in the cryptographic algorithm and fix it.

Cryptography:

Cryptography is the technique for writing secretly so that the unintended recipients cannot comprehend the original message. It transforms the information into such an unintelligible form so that illegitimate or unintended users cannot devise the original meaning of the message and it looks like a garbage value for them. But the main consideration during the transformation is that the process must be reversible so that the intended user can get the original information after applying the original key and process. This is the traditional use of cryptography but in modern times the scope of cryptography has widened.

Cryptanalysis:

Cryptanalysis is the field of study that deals with the techniques that verify and assert the security of the protocol or system. The objective of the cryptanalysis techniques is to assess the security claims of the cryptographic algorithm or system. Cryptanalysts try to develop an attack to show that claimed security level is not achieved due to weaknesses in the cryptographic system.Cryptography And Encryption Essay Paper

It is difficult to define when a cryptosystem is broken. Generally, efficiency of an attack is compared with the efficiency of exhaustive key search attack and if the efficiency of attack is less than it then it is considered an attack on the cryptographic system.

Classification of attacks can be made on the basis of the amount of information available to attacker:

â€¢ Ciphertext-only attack: The attacker has access to the ciphertext only.

â€¢ Known-plaintext attack: In this case the attacker has access to both the plaintext and the corresponding ciphertext. This attack can be employed when the attacker has limited access to the encrypting device.

â€¢ Chosen-Plaintext attack: The attacker selects a plaintext and generates corresponding ciphertext using the correct key. This can only be applied if the attacker has access to encryption device and is able to encrypt a message of choice using this device. The goal of such type of attack is to discover the secret key or algorithm for any given encrypted text.

â€¢ Chosen-Ciphertext attack: The attacker selects a ciphertext and generates corresponding plaintext using the correct key. This can only be possible if the attacker has access to decryption device and is able to decrypt a message of choice using this device. The goal of such type of attack is also to discover the secret key or algorithm for any given encrypted text.

The goals of such attacks in general can be classified as secret key recovery, plaintext recovery without recovering the key or the discovery of the encryption/decryption algorithm.

Classification of Cryptographic primitives:

Unkeyed Cryptography:

Unkeyed cryptosystem is that cryptosystem which does not use any key or parameter for application. Examples of such system are one-way functions, cryptographic hash functions, and random bit generators.

Public Key or Asymmetric Cryptography:

Public Key or Asymmetric Key cryptography is the latest addition to the cryptographic techniques that has changed the basic uses of cryptography. Two different keys are used for encryption and decryption in Public or asymmetric key cryptography. Public key is being used for encryption and it is known to everyone and is freely distributable but the encrypted message can only be decrypted by using the private key corresponding to public key which is known only to the authorized person. Public key cryptography evolved to solve the problems of Secret key cryptography but it is very slow in comparison to secret key cryptography. Public key cryptography cannot be used for high volume encryption. Therefore we use combination of Public and Private Key cryptography for practical applications.

Secret Key or Private Key or Symmetric Key Cryptography:

In Symmetric Key or Secret Key cryptography, only a single key is used to encrypt and decrypt. It is also called Private Key cryptography. The main problem of the secret key cryptography is the sharing of same key by sender and receiver. In the case of unsecure channels, there is no mean to exchange key securely. The secret key must be shared using any secure channel before communication take place and for such purpose Public Key cryptography is generally used.

An overview of Symmetric Algorithms:

Symmetric key cryptography is still highly used due to its efficiency and is generally used where high volume of data is encrypted. Symmetric key primitives can be classified into two basic designs; namely Block Cipher and Stream Cipher.Cryptography And Encryption Essay Paper

Block Ciphers:

Block cipher is a symmetric key encryption which divides the input stream of plaintext into fixed size of blocks, generally 64, 128 or 256 bits long and using a fixed transformation (substitutions and permutations) on every block on by one. These transformations are repeated many times to obtain highly nonlinear output bits. The two most popular block ciphers are DES and AES.

Modes of operation:

A block cipher performs fixed transformations on any block of data and results in same ciphertext for same plaintext, hence can only be considered secure for a single block of data. A mode of operation is actually a way of encryption using a block cipher securely for data more than one block. The Block ciphers are used in one of the five modes to operate for breaking the linearity. A cryptographic mode usually consists of basic cipher, some sort of feedback, and some simple operations.

Electronic Code Book (ECB) Mode

Cipher block Chaining (CBC) Mode

Cipher Feedback (CFB) Mode

Output Feedback (OFB) Mode

The counter (CTR) Mode

Stream Ciphers:

Symmetric Cryptographic systems encrypt plaintext messages unit by unit, and unlike block ciphers, which encrypt block of plaintext using fixed transformation, Stream Ciphers encrypt individual units or character of plaintext using a time-varying transformation.

It takes the secret key and initialization vector (IV) as input and generates a pseudo random sequence of digits called keystream using pseudo random generator, usually part of Stream Ciphers. ciphertext digits are generated by XORing the keystream digits with the plaintext digits.

The stream ciphers are classified into two parts as synchronous and asynchronous stream ciphers on the basis of application of internal state in further encryption of digits. Stream ciphers have played an important role in cryptography and still being used due to its efficiency and especially, in hardware implementations where hardware resources are restricted.

Stream ciphers are the main topic of research in this thesis and it will be discussed more comprehensively in later chapters. For a general description of stream ciphers, see chapter 2.

Scope of Cryptology:

Today the cryptology is not just limited to data encryption and decryption as mentioned above, it has a wide range of usages. The field of cryptology is an emerging field in which continuous expansions and modifications are taking place. The field of cryptography was evolved for military usage but it has now expanded and is highly used in civilian applications also. Cryptography is the study of mathematical techniques, algorithms and protocols that can provide four basic services for information security, namely privacy, authentication, data integrity and non-repudiation.Cryptography And Encryption Essay Paper

Privacy or confidentiality: The basic goal of cryptography is to keep the information secret from unauthorized persons. Cryptography is the most common mean to provide confidentiality or privacy to the information.

Data Integrity: Data integrity means that system must be able to detect the unauthorized manipulation of the data. Data manipulation refers to insertion, deletion or substitution of data.

Authentication: Authentication service provides the ability to correctly identify the parties in the communication and origin of the data.

Non-Repudiation: Non-repudiation service prevents an entity from denying any activity done by itself or existence of a communication at any later stage in case of any dispute.

Stream Cipher Standardization:

Major effort towards standardization of cryptographic primitives was started by European Commission research project funded from 2000-2003 in form of NESSIE (New European Schemes for Signatures, Integrity and Encryption). In March 2000 NESSIE urged the public for submissions of cryptographic primitives, and against this call 42 primitives were submitted in February 2003. The submissions were selected in different categories for standardization. Various cryptographic primitives were standardized except Stream Ciphers and none of the six submitted stream ciphers were considered as upto standard. During this period another organization, the International Standards Organization’s ISO/IEC 18033 also initiated a similar project for standardization and selected two stream ciphers: SNOW 2.0 and MUGI. Other than these two efforts a Cryptography Research and Evaluation Committee was set up by the Japanese Government which started a project CRYPTREC in 2001 to evaluate and recommend the cryptographic primitives in different category for use. In the stream cipher category, three ciphers were recommended that are MUGI, MULTI-S01 and RC4 (128-bit keys only). But, Later on these ciphers were also found to be susceptible to the cryptanalytic attacks

This failure on the side of cryptographic primitives in stream cipher category prompted Adi Shamir in 2004 RSA Data Security Conference to question, whether there is a need for Stream Ciphers or not. He also defined two areas were Stream Ciphers can still be useful where exceptionally high throughput is required in software and exceptionally low resource consumption is required in hardware.

To explore the Stream Cipher condition and to develop a state of art stream cipher which can secure and fulfill the above mentioned requirements, ECRYPT launched the eSTREAM project in 2004.

eSTREAM made a call for submission in two categories; hardware based and software based stream ciphers. In response to this call 34 ciphers were submitted in both the categories. In different phases of this project, cipher profiles were declared. The final profile issued in January 2012, seven ciphers were selected. The selected ciphers are HC-128, Rabbit, Salsa20/12 and SOSEMANUK in profile 1 (Software based Ciphers) and Grain v1, MICKEY 2.0 and Trivium in profile 2 (Harware based cipher). Even after these standardization efforts, many weaknesses were found in these ciphers.

This state of Stream Ciphers has led me to involve in the research of the Stream Cipher and work towards a secure and efficient Stream Cipher. Cryptography And Encryption Essay Paper

Calculate the price of your order

The price of a paper depends on the number of pages, academic level and the urgency. Our prices are discounted and start from as low as $10 per page. To know how much you would pay for an order, fill in the basic paper details.

Confidentiality and Security

We take confidentially of our customers seriously. This is the reason we use only PayPal to make payments that require only an email. This means you can order and pay for your order without disclosing your full identity and with no trace to you or your credit/debit card details as this information is only shared with PayPal, a trusted international payment system. Our website is also encrypted to ensure additional security. In addition, we never sell your paper nor divulge the paper or client details to anyone.

Authenticity

We write all our papers from scratch and never plagiarize at all. Our papers are 100% original with no plagiarism element even when many students place a similar order with us. You are guaranteed of a custom-made non-plagiarized paper that you cannot find anywhere else even in part whenever you order from us.

Professionalism

Professional writers in the various fields who have a wealth of experience in academia write all your papers. You are, therefore, guaranteed of a well-researched paper with the right content and in the correct structure. All our papers are properly referenced and any sources used are correctly cited using your preferred referencing styles such as APA, MLA, OSCOLA, Harvard, Chicago/Turabian, Vancouver, or any other referencing style you prefer.

Our services are legal and acceptable

Do you know that it is legal to seek our academic writing services and is not against the policies of your university, college or any other learning institution?

You are not prohibited from getting our custom-made papers if you use them in any of the following ways;

- As a source for additional understanding of the subject
- As a source of ideas for your research, in this case, it should be properly referenced
- For proper paraphrasing as per your schools plagiarism definition and acceptable paraphrase
- Direct citing in your work, when properly referenced.