ITBM Assignment

Data Security & Encryption

Aritro Banerjee
Roll No. 201611202
Section B
IMT Nagpur
1st Yr (2016-18)

Introduction

With the advent of information technology, it goes without saying that the transfer of
information between two points have become very easy and quite faster. One can send and
receive data from any part of the world (or from space for that matter) almost
instantaneously. But with all the conveniences, the risks have increased too. It has also
relatively become quite easier to intercept the data meant for others, and this poses a big
security risk. One wants their sensitive data to fall into the wrong hands and misused. To
avoid that scenario, various security measures have to be taken so as to ensure that only the
intended recipient has access to the said data.

There are many ways of securing our data that is being shared, password protection being the
most common method of securing any sort of data that is being sent over a network to
another person. The sender sets a password for accessing the data that is being sent and the
receiver can open that said data by inputting the password. It is the most simplest form of
data protection but also by far the most prone to flaws. Anyone who has access to that said
password can easily access it. Also most password can be cracked by using specialised
algorithms.

One of the most secure ways of ensuring the security the data being sent over the network is
to use encrypt the data before sending it and decoding it at the receiving end. It is called
cryptography.

Cryptography

Cryptography is the method of hiding the message in plain sight. It's more of an art rather
than science. The messages are so encoded that only the sender and the receiver can decode
the message, provided they both know the exact algorithm that was used to encode the
message in the 1st place, to anyone else who may intercept the message in any point of
transmission, it appears to completely unintelligible.

The word is derived from the Greek word kryptos, meaning hidden. The origin of
cryptography dates back to 2000 BC, specifically the Egyptian hieroglyphics which consisted
of complex pictograms, the full meaning of which was only known to an elite few.

One can develop their own algorithms to encode the message, this greatly increases the
security of the data that is being shared. One can basically leave any sort of data laying
around without the fear of it being misused because, as said before, it appears to be gibberish
unless you know the exact algorithm to decode it. Passwords can be hacked if you have
sufficient computing power, but no amount of computing power has the ability to decode
some unknown cryptic text.

Basic algorithm:
The encryption of data requires a key, that is dependent on the chosen algorithm to
encode the data.
The intelligible data that is created is known as plaintext which, as the name suggests,
can be read easily as it is not encrypted in any way.
The plaintext is then made to go through the chosen encryption algorithm, which
renders the data unintelligible. To the naked eye, it appears to be a collective
gibberish.

 A key is used to encode the data, which is the controlling factor of the process. The
key is a secret (ideally known only to the communicants), usually a short string of
characters, which is needed to decrypt the message. The plaintext is hence converted
to some cryptic message is known as ciphertext.

The ciphertext is the thing which one sends over to the recipient. Even if one intercepts the
data, it would be of no use to him as it is unreadable collection of random characters.

The receiver can decode the said data by running the same algorithm which was used to
encode the data, using the key which was used to encode the data with. As the key is only
known by the receiver and the sender, and isn't generally shared over the network along with
the message, no one can decode the cipher text. the is a chance that the ciphertext, if
intercepted, the ciphertext can be decoded by pure brute force attacks, but it would require a
supercomputer to perform all the computations on it. The following diagram shows the
typical encryption process.

Example : Playfair Cipher

Playfair cipher is a substitution encoding method, where the alphabets of the message to
be sent is interchanged with another, in a predetermined method. A certain key is required
to both encode and decode the message.

Method:
The Playfair cipher uses a 5 by 5 table containing a key word. The keyword is first
filled in the table, followed by the rest of the alphabets. One of them (usually J) is
dropped, and is paired with any other alphabet of choice if required.
The message to be sent is broken in pairs of alphabets, ignoring all spaces and
punctuation marks. Repeated letters are substituted by X. Each pair is inserted into the
table in turn.
If both letters are in same column, move each letter one down.
If both letters are in the same row, move each letter one to right.
If the two letters form a rectangle, swap them with the letters at the respective
opposite ends of the rectangle.
If in any of the above steps the letters are at the end of the table, we wrap the table
around.
e.g.:

Key - ITBM
Message - Mid Term Project
Splits - MI DT ER MP RO JE CT
I

X/J

Cipher text - ATJDFQTRSPKDDI

To decrypt the cipher text, the above algorithm is to be repeated in reverse order

Visual Cryptography

It is not always possible to use computers to decode the message or even decode the large
message manually by using the tedious decoding algorithm. It is also possible that the
intended receiver is quite inept at applying the decoding algorithm so that he can read the
data that is being sent to him. In those scenarios visual cryptography can be of great help.
Visual Cryptography is a special encryption technique to hide information in images in such a
way that it can be decrypted by the human vision if the correct key image is used. Visual
cryptography is basically a part of steganography, the art and science of hiding secret
messages in an image.

The most commonly used techniques of visual cryptography was proposed by Moni Naor and
Adi Shamir in 1994. In their method, an image is broken up into different parts, called shares.
Only when all the n shares are lined up together, the hidden information is revealed. Even if
someone intercepts one or more shares of the image, it is useless as ALL the shares are
required together to decipher the message.

As we see, no computational power is required to decode the image, neither are the
knowledge of the complex algorithms used to split the image into share. The only thing
required to decode the message in this instance is plain sight.

The above system can be modified slightly to be used in IT (mostly for authentication
purposes) :

A pass code is first encoded into the original image through Steganography, then the
shares of that image is made.
One share is saved in the database and one share is given to the user.
When one wants to log in, he uploads his share of the image, which is combined with
the one stored in the database.
Then the encoded pass code is extracted from the completed image which verifies the
authenticity of the user/data/information.

Conclusion

The advancements in the field of Information technology certainly has provide us with faster
and better methods of storing and sharing our data. Along with that, it has also raised quite a
few concerns about the security of the data that is being shared. Various methods are
available to ensure that the data being sent is only decipherable to the indented recipient.
Point to point encryption of data is by far considered the most secure method to ensure the
integrity of the information.

References:
www.wikipedia.com
www.khanacademy.org
www.coursera.com
www.github.com
Understanding Cryptography: A Textbook for Students and Practitioners By Christof Paar,
Jan Pelzl.
Secure Authentication Using Image Processing And Visual Cryptography.