Friday, November 15, 2019
Interruption Interception Modification And Fabrication Attacks Computer Science Essay
Interruption Interception Modification And Fabrication Attacks Computer Science Essay The communication has been playing an important role since the dawn of civilization. It has become an integral part of existence in the societies which are highly networked where we live in. A few types of communication types have been developed during the earlier stage of civilization which resulted in evolving many types of communications till today. The communication through the internet is the best examples of the latest communication types.There are different types of communications prevailing in our day to day life such as Radio communication, Mobile communication, Telephonic communication and Network communication. Each communication type has its own importance but the communication over a network has been mostly implemented in our life and has been evolved as the most powerful and highly developed communication methods. The network communication method has created a great impact on lives of humans. So as this method is gradually developing and being used by many individuals a nd organizations, such advance in the technology has resulted in the security issues such as threats or malicious attacks to the individuals and organizations. So there is a need to encounter these threats and attacks which resulted in the introduction and development of different mechanisms for providing different services and CRYPTOGRAPHY is one of the mechanisms which is mostly used in the network communication. TYPES OF SECURITY ATTACKS: There are different types of security attacks which affect the communication process in the network and they are as follows Interruption: This type of attack is due to the obstruction of any kind during the communication process between one or more systems. So the systems which are used become unusable after this attack by the unauthorized users which results in the wastage of systems. Interception: The phenomenon of confidentiality plays an important role in this type of attack. The data or message which is sent by the sender is intercepted by an unauthorized individual where the message will be changed to the different form or it will be used by the individual for his malicious process. So the confidentiality of the message is lost in this type of attack. Modification: As the name indicates the message which is sent by the sender is modified and sent to the destination by an unauthorized user. The integrity of the message is lost by this type of attack. The receiver cannot receive the exact message which is sent by the source which results in the poor performance of the network. Fabrication: In this type of attack a fake message is inserted into the network by an unauthorized user as if it is a valid user. This results in the loss of confidentiality, authenticity and integrity of the message. CRYPTOGRAPHY: DEFINITION: The word cryptography is the science of securing information by different techniques such as encryption and decryption. The word cryptography is derived from the Greek word Kryptos which means hidden and graphia means writing, so totally it means hidden writing. Cryptology and Cryptanalysis are closely related to Cryptography. Cryptanalysis is the process of breaking the ciphers and coded without using a key and whereas the cryptology is the combination of both cryptanalysis and cryptography. In the process of cryptography the data which is to be transmitted and received is enciphered by different keys so that it cannot be understand by the unauthorized users. But only the sender and receiver can be able to understand this data. HISTORY: The concept of cryptography was originated in 2000 B.C. in Egypt where the Egyptians practiced hieroglyphics where it is used to reveal the story of the dead people by decorating their tombs and this process was practiced in order to make them to see more ceremonial, majestic and noble but not to hide the message themselves. But later many encryption techniques have evolved for show into practical applications in order to hide the information from others. The history of cryptography was very interesting and many changes have been undergone through many centuries. During the ages of civilization the important issue was the maintenance of secrecy due to the different reasons by individuals or groups and this secrecy maintenance helps the individuals or groups to gain a competitive edge, the true intentions of each individual can be hidden and also the weakness can be reduced. The innovations or advance in the technology has resulted in the changes in cryptographic history. The process of cryptography has begun by sculpturing the message on wood or stone and then it is sent to the person who has to be received and it is deciphered to the original text by different process. But the development of cryptography has undergone many changes from carving the message on wood to the stream of binary codes. These streams of binary codes are transmitted over network wires, airwaves etc in the past but now these binary codes are sent in the form of 0s and 1s through internet cables or open airwaves. These packets are encrypted so that they are not disturbed by the unauthorized users. The Egyptians have started the process of cryptography by replacing the original message with the different message with the help of cipher and this process is known as substitution cipher where each letter in the message to be sent is replaces with the different letter so that unauthorized cannot understand. This message is again retransformed to the original form by the receiver. For e xample the sentence or message STAFFORDSHIRE UNIVERSITY (Plain text) is changed to TUBGGPSETIKSF VOJWFSTJUZ (Encrypted text or cipher text) where each letter is replaces with the preceding letter so that no one can understand. ANCIENT METHODS OF CRYPTOGRAPHY: During the ancient times there were different cryptographic methods which have been implemented for securing the data safely so that it cannot be accessed by an unauthorized user. So the different methods are as follows Hebrew cryptographic method: This is one of the ancient methods of cryptography where flipping of the alphabets takes place in such a way that the mapping of the each letter in the original alphabet and the flipped alphabet should not match each other that means the corresponding letter in the original alphabet should be different in the flipped alphabet and this method of encryption is known as atbash. ABCDEFGHIJKLMNOPQRSTUVWXYZ ZYXWVUTSRQPONMLKJIHGFEDCBA For example the encrypted form of the word Staffordshire University is hgzuuliwhsriv fmrevihrgb. Spartans method: This method of cryptography was implemented around 400 B.C. by the Spartans where they used to encrypt the message or information by using a sheet of papyrus and a wooden stick or rod. The message which is to be sent is written on the papyrus and it is wounded around the stick or rod and this information can be known by the receiver only when the message was wounded around the correct staff so that the letters would properly match. This process is known as scytale cipher and when the paper is removed from the stick or rod the message which was written on the paper was just found as the group of the random characters and this different pieces papyrus are sent to group of soldiers by Greek government with the help of carriers. After receiving the papyrus the soldiers then wound this papyrus around the stick or rod which is of equal diameter and length so that the letters which are random match with the letters with the second rod and the message which is sent can be kn own. The soldiers make use of this method for the information about the strategic moves and military directives. Julius Caesar method: This is also one of the ancient methods of cryptography where Caesar developed a method where the letters of the word are shifted by some number which is set. He developed this method because of his non trustiness on his messengers. So he used to shift the letters by the number 3 such as the letter A is replaced by letter D. So the one who knows the shift by 3 rule can only decipher the message. STUDENT (Plain message) VWXGHQW (encrypted message) CONCEPT: The main concept of cryptography is the process of securing the information by changing the original form of the text or message to the form which cannot be read by the unauthorized user. The message which is sent originally by the sender is known as plaintext which can be read by everyone and the encryption technique is applied to this plain text which results in the formation of cipher text or encrypted text which cannot be read by an unauthorized user. An encryption algorithm is used to convert the plain text into cipher text and again this cipher text is retransformed into plain text by decryption algorithm. This means that cryptography is the science which is used for protecting the message or information by providing different ways and process in order to convert the message or information which cannot be read by anyone. The data or message is converted in such a way that the No access of data for an unauthorized person Information present in the data frames is hidden Data authentication is formed The altering of the data is avoided The message originator cannot disown the data So the information which is transmitted on information and communication systems can be protected or secured by the technology known as cryptography. This technology is applied in many fields such as finance, personal data, military etc.This technology provides a means of authentication verification of the data so that the real culprit can be caught who interrupts the confidentiality and integrity of the data. DIFFERENT TERMS IN CRYPTOGRAPHY: Cryptography: The science of protecting the message or data by using different techniques is known as cryptography. Cryptosystem: The process of encryption and decryption comes under cryptosystem. Cryptanalysis: The process of converting the plaintext from the ciphertext without use of a key. Cryptology: It is the combined study of cryptography and cryptanalysis. Encipher: The act of converting the data which is cannot be readable by an unauthorized user. Decipher: The act of converting the data into readable format. Plain text: This is the original message or the initial message which is sent by the sender to the recipient. This also known as clear text or original text. Encryption: This is the process of converting the plaintext or original text into the text in order to cover the message which cannot be understood by any unauthorized users. Ciphertext: The text which is sent for encryption results in the form of text known as cipher text or encrypted text which cannot be read by unauthorized users. Decryption: This is the opposite of encryption where the encrypted text or cipher text is retained to its original form by using this technique. The conversion of cipher text to plain text takes place in this process. Hash algorithm: This is the algorithm which is used in the encryption technique for the conversion of large string to the fixed length string. This increases the speed of the process. Key: Key is the specified value which is used for encrypting the plaintext to produce the ciphertext.The value of the key will be very high. It is the series of bits and instructions which governs encryption and decryption Cipher: This is the algorithm which is used for the translation of the plaintext to the ciphertext which is the intermediate form GOALS OF CRYPTOGRAPHY: The main objective of the cryptography is to secure the information which is sent from the sender to the receiver so that it cannot be accessed by any unauthorized user and in order to maintain the security of this information cryptography has need to take care of some characteristics which are as follows Confidentiality: The phenomenon of confidentiality plays an important role in cryptography. Confidentiality is the method of securing the information or message such that it can only be accessed only by an authorized user who is proposed to read it. The confidentiality of the information loses its importance when it can be accessed by an unauthorized user. So when a message is sent from A to B, only B should be able to understand the message. Authentication: The phenomenon of authentication also plays a major role in cryptography. The identity of the sender who is sending the message is very important for the receiver. So this is the process of sending the identity proof of the sender to the receiver such that the receiver can be able to know the person who is sending the message. The main concept here is the assurance. Integrity: The integrity of the message has very much importance in cryptography. The message which is sent by the sender should be the same when it is received by the receiver. The message should not be altered or changed during the transmission process by any unauthorized users. So this is the method of making sure that the message which is sent is not altered or tampered during the transit. The contents which are present at the sender should reach the receiver with the same contents without any change. Non-repudiation: This is the method to make sure that the message which is sent is nor disowned. The s ender after sending the message should not declare that it has not sent the message .Once the message is sent by the sender then he is the originator of the data. He has no authority of denying of sending the data. So these are the characteristics of cryptography where all these elements are maintained and implemented during the process of transmission of data from sender to the receiver. CRYPTOGRAPHIC or ENCRYPTION TECHNIQUES: A key plays an importance role in the classification of the cryptographic techniques. The number of keys used decides the type of cryptographic techniques used. So the two important cryptographic techniques area s follows SINGLE OR SECRET KEY CRYPTOGRAPHY OR SYMMETRIC ENCRYPTION: The single key cryptography is one of the main cryptographic techniques where only a single key is used for encryption and decryption of the data or message. So only a single key is responsible for the process of encryption and decryption. This is also known as symmetric key or secret key or private key encryption. So the process of encrypting and decrypting the message or information or data with the help of a single key is known as single key cryptography. The same key which is used for encryption is also used for decryption. The important point of this type of cryptography is that the both transmitter and the receiver should accept on the same key. Symmetric cryptography or encryption between A and B: The process of single cryptography takes place between A and B by sending the message between them. The message which is to be sent by A should not be accessed by an unauthorized user and it should be able to read by only B. In order to make sure that only B has to read the message then a secret key is generated by A. So the secret key which is generated is used for the encryption of the message and this encrypted message is sent to B in the form of ciphertext.This process is known as encryption.Inorder to read the encrypted message by B there is a need of the secret key which is generated by A. So the secret key is transmitted by A to B by different means. The key can be sent to B directly in person by A but it depends on the distance between A and B which effects time. If the distance is more it takes more time and vice versa. The availability of B also plays an important role in sending the key. So as soon as the key is received by B then the decryption of the data takes place wit h the same key in order to retain its original form which is the plain text. So the secure transmission of data takes place between A and B. PROBLEMS IN SYMMETRIC CRYPTOGRAPHY: The main problem in symmetric cryptography is with the key which are used to encrypt and decrypt the data or message. The key which is used here is not more secure.Inorder to transfer the message in the symmetric cryptography the sender should send the key along with the message through internet in the form of e-mail or through IRC services. So this type of transmission of keys is more insecure so that the data can be altered or tampered. The key can be transmitted physically but the distance between the sender and the receiver plays an important role and which is insecure. The process of transferring the key verbally through a phone line results in the leakage of the conversation to others. The sharing of the keys is also one of the problems in this type of cryptography. The other problems in this type of cryptography are key distribution and key management. This type of cryptography lacks in providing data integrity, non-repudiation and data authentication. Digital signatures canno t be created by symmetric cryptography. PUBLIC KEY CRYPTOGRAPHY OR ASYMMETRIC ENCRYPTION: The public key cryptography is also one of the main cryptographic techniques which is used for the secure transmission of data. Based on the security issues which are limited in secret key cryptography the public key cryptography has been evolved. This concept was introduced by Whitfield Diffie and Martin Hellman in 1975. The process where the encryption and decryption of the data or message takes place by two keys instead of a single key is the public key cryptography and this technique is known as asymmetric key encryption. As the name indicates asymmetric key encryption, one key is used for encrypting the data and the other key is used for decrypting the data. These two keys form a pair of keys and the combination of these two keys is known as key pair. The two keys which are used here are public key and secret key or private key. The public key can be liberally distributed to any one which is used for encryption and thus this is named as public key encryption. The other key which is the private key or secret key cannot be distributable to any one and is used for decryption. The secret key is private to any communicating part participating in the process. In this type of cryptography the message or data can be encrypted with only one key and decrypted with the other key where the key which is used for the encryption cannot be used for decryption. So the data or message which is encrypted by the public key should only be decrypted by the private key and vice versa that means the data which is encrypted by the private key should only be decrypted by the public key which results in asymmetric cryptography. Asymmetric cryptography or encryption between A and B: The asymmetric key encryption takes place between A and B by sending message or data between them. The message which is to be sent to b should not be accessed by any unauthorized user. So the decryption of the message should take place with the help of the private key by B. So B contains both the private key and the public key. The public key which is distributable is distributed to A and then A encrypts the message or data with the help of the public key which is sent by B. So the file which is encrypted by A is sent to B where the decryption of file takes place with the help of the private key. So the message or data cannot be accessed by any one because the private key is used for decryption which results in the secure transmission of data. SO the security of the data is more in the public key or asymmetric cryptography or encryption. The above process reveals that the only the public key is used for encryption and only the private key is used for the decryption of the data which reduces the unwanted access of data by an unauthorized users. The loss of data will be very low in this type of cryptography. The possibility of tampering or alteration of the data or message is very low in this type of encryption. The exchange of information or message is very secure in this process. As in the symmetric encryption the sharing of key is not necessary for the encryption or decryption because it uses different keys for different process. The public key is responsible for all the communications but the private key remains silent without any sharing. So each recipient has its key which is unique and this key is used to decrypt the data which is encrypted by its opposite part. PROBLEMS IN ASYMMETRIC CRYPTOGRAPHY: The major problem in this type of encryption is key lengths. The lengths of the keys which are used in public key encryption are very large of 1024 bits to 4094 bits. This results in the low speed of transmission of the data. The key lengths in symmetric cryptography are less from 40 bits to 256 bits which helps in the fast transmission of the data when compared to public key cryptography. So when compared to symmetric key cryptography the public key cryptography is most secure. The messages can be easily transmitted and can be secured in public key cryptography. The key distribution in the public key cryptography is the main asset for this type of encryption. The key management problem can be avoided in this encryption .the strong cryptography can be provided by the public key encryption which is the revolution in the technology. So public key cryptography has more benefits than private key encryption. CRYPTOGRAPHIC OR ENCRYPTION ALGORITHMS: The algorithm is the step to step procedure or the group of mathematical rules which are used for enciphering and deciphering the message or information or data. There are many algorithms which are used in the cryptography and they are known to everyone. So the different types of encryption algorithms are as follows SECRET KEY OR SYMMETRIC KEY ENCRYPTION ALGORITHMS: As the name indicates that in this type of encryption only a single key or a dedicated key is used for both encryption and decryption. The secret key algorithms which are used widely are as follows Data Encryption Standard (DES): Data Encryption algorithm is one of the secret key encryption algorithms which is the most widely used. The Data Encryption Standard specifies a FIPS approved cryptographic algorithms as required by FIPS140-1.The Data Encryption Standard (DES) algorithm has been developed by IBM in the year 1970s and the adaptation was made by National Institute of Standards and Technology (NIST).This is also specified in the ANSI X3.92 and X3.106 standards and also in the Federal FIPS 46 and 81 standards. The exportation of this algorithm is strictly restricted by the US government such that it could be used by the unauthorized people or government. Data Encryption Standard (DES) algorithm provides basic building block for the data protection. The DES is a block cipher which is of 64-bit block size which converts the 64-bit input into the 64-bit output by applying the 56-bit key to each 64-bit data. There are 72 quadrillion or more keys which are used for encryption. So for each message or the information a suitable key is selected from these possible keys and then the process of encryption and decryption takes place with the same key which is the private key or secret key. But due to the innovation in the technology this type of algorithm has proved insecure which resulted in the introduction of Triple-DES (3DES) ALGORITHM where the name itself indicates that the encryption is done three times which is more secure and uses a different key for each encryption. Controversies around DES: The Data Encryption Standard (DES) has been bounded by different controversies such as the key length which s used is used in this type of algorithm has been reduced from 128 bits to 64 bits which resulted in the compromise on security and the other one is the exportation of the algorithm to many countries. DES APPLICATIONS: The Data Encryption Standard (DES) Algorithm has many applications apart from encryption and authentication of data. So the different applications are as follows Data Storage and Mail Systems: The data which is stored in the computers can be protected by the process of encryption and authentication. The passwords which are created by the users in the computers are encrypted by the systems and are stored in the computer memory. The user when enters the password again for signing then the encryption of this password also takes place and this is compared with the other encrypted password and the access to the computer takes place when they both match otherwise the access is denied. The encryption of the password is done by Data Encryption Standard (DES) algorithm with the key which is equal to the password and the plaintext which is equal to the users identity. The files which are present in the computer can also be encrypted by Data Encryption Standard (DES) algorithm for the storage. The computers have a key notarization system which are integrated into them and are used to secure the files from unauthorized access, modifications etc.This Key notarization also helps in providing digital signature capability by using DES.DES gives the users the ability of exercising a group of commands for the purpose of key management, data encryption and authentication functions. The facilities execute notarization which on encryption seals a key or a password. The sealing of key or password takes place with the transmitter and receiver identities. So the receiver must provide the correct identity of the transmitter in order to decrypt the message. This technique of notarization is applied in ANSI standardX9.17 in order to protect against key substitutions which may lead to the compromise of the sensitive data. The secure mail can also be provided by DES .The conjunction of the mail system and the key notarization system helps in providing the secure mail. The header which contains the information which is necessary to decrypt and authenticate the mail file is appended automatically to the file which is transmitted to the receiver. So the decryption and authentication of the file takes place by the receiver in a near transparent manner. `Electronic Funds Transfer (Wholesale and Retail): This is one of the main applications of the Data Encryption Standard (DES) algorithm. The DES plays an important role in protecting the wholesale and retail electronic funds transfer messages. Different standards such as ANSI X9.9 and ANSI X9.19 have been developed Electronic Funds Transfer (EFT) messages. The efforts made by these communities have led to the formation of encryption standards (ANSI X9.23 Draft) and Key management (ANSI X9.17 ANSI X9.24 Draft) standards. The DES is applied in workstations, point of sale terminals, automated teller machines and host computers. The range of data which is protected by DES is of the range from 50$ to a multi-million-dollar transfer. The main criterion which helps the DES algorithm of its usage in the wide variety of EFT applications is the Flexibility. The standards which are developed for EFT application are being developed globally and so the process of encryption, authentication and k ey management have become global. The daily transfer of billions of dollars is done by the US government and the security of this transfer is taken by the Department of Treasury by initiating its policy on the authentication of EFT messages. The support of the Federal Reserve Bank is given to the Treasury in order to make the policy successful. The system which the treasury is considering uses hand-held tokens which contains DES key which are generated for the purpose of a particular individual. The authentication of the EFT message which contains the individuals identity is done by the key which is supplied by the token. The message which is authenticated is the electronic substitute for a signed paper document. Electronic Business Data Interchange: The very big companies have large part of the business transactions and these transactions should be automatic so that cost can be reduced and increases efficiency. So in order to achieve all these large companies are developing the process of automating business. The traditional method of business transactions which is paper based is replaced with the electronic means of transmission. The ANSI Accredited Standards Committee X12 is responsible for these communications by developing different formats. The transaction between the seller and buyer can be accessed by any unauthorized users. So there is a need for protecting the data from the modification and eavesdropping which is done by the process of cryptography or encryption technique. This technique is very effective in protecting the data from unwanted users. The data which is sent by the sender cannot be readable by anyone unless the receiver. Many DES standards have been developed for the pu rpose of the Electronic business data interchange. The standard ANSI X9.9 helps in protecting the data from the unnecessary modifications by the unauthorized user, the unauthorized disclosure can be prevented by the draft ANSI Standard X9.23.The techniques of ANSI Standard X9.17 used for the secure generation, distribution and the storage of DES keys. The above explained methods are implemented by General Motors and seven associated banks in order to protect their business transactions. ATTACKS ON DES: In addition to these different applications of DES it has some weaknesses which are as follows Brute Force Attack: The brute force attack is the simplest attack to decipher. The attack of brute force on the DES is due to the length of the key which is relatively small that is 56 bit and also computational power of the computers which is increasing daily. In the 19th century this type of attacks are not done by the hackers because the cost of the computers are relatively high and the hackers couldnt afford to buy it. But the innovation in the field of computing and technology made the hackers to easily buy the computers and try to hack. Now a days every computer is used for hacking. The powerful, Faster and cheaper techniques which are used by the hackers are Field Programmable Gate Array (FPGA) and Application -Specific Integrated Circuits (ASIC).The time taken to break the cipher is directly proportional to the key length in the brute force attack. In this type of attack the random generation of the keys takes place and these keys are applied on the ciphertext till the origin al key is generated. So the fake key decrypts the message in to its original form. So the main factor which is to be considered here is the key length. The longer the key length the higher is the security. In a n bit long key 2 to the power of n steps are required to break the cipher. So as long as the key length is going to increase then the secure data transmission takes place in the network communication. So in order to get the safe encryption the key lengthy should be long such as the 128 bits which results in the reliable means of encrypting the message. Differential Cryptanalysis Attack: This type of attack is found near the pairs of ciphertexts where the plaintext has some particular differences and these differences are analysed by this attack when the plaintext is propagating through several DES rounds when they are encrypted with the help of the same key. TRIPLE DATA ENCRYPTION STANDARD (3DES): Triple Data Encryption Standard (3DES) is also one of the encryption algorithms and it is the minor variation of Data Encryption Standard (DES).Triple-DES is adopted by ANSI as the X9.52 standard and also been proposed as a revision of FIPS 46, known as draft FIPS 46-3.This algorithm makes use of a 64-bit key which consists of 56 effective key bits and 8 parity bits. The block size for Triple-DES is 8 bytes and the encryption of the data is done in
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.