CRYPT06RAPHY At0 tFTw0RK

SFCuRlTY


Submitteu foi the paitial fulfillment of the awaiu of Bacheloi of
Technology Begiee in
Electionics & Communication Engineeiing

SUBMITTED BY:

CUIDED BY:
NR. RAvISB K0NAR
SIBBARTB TBAPLIYAL (SENINAR C00RBINAT0R)
NR. INBRA}EET CB0uB
(B.0.B)

Department of Electronics & Communication Engineering
Roorkee Institute Uf Tecbnology,
Roorkee-
Uttarakband

CFRTlFlCATF

1hls ls Lo cerLlfy LhaL Mr SldharLh 1hapllyal of 81ech flnal year

LlecLronlcs CommunlcaLlon Lngg uellvered a semlnar on Lhe Loplc
C8?1CC8AP? Anu nL1WC8k SLCu8l1?" on ______________
accordlng Lo u1u currlculam


Pls overall performance ln semlnar acLlvlLy was very good and
saLlsfacLory



Mr 8avlsh kumar Mr lndra[eeL Chugh
Semlnar CoordlnaLor PCu

ACKt0wlF06HFtT

l would llke Lo Lake Lhls opporLunlLy Lo Lhank Mr lndra[eeL Chugh PCu

LCL Mr 8avlsh kumar Semlnar CoordlnaLor for guldlng me LhroughouL
Lhe preparaLlon of pro[ecL


l would also llke Lo exLend my slncere appreclaLlon Lo my colleagues
and Lo all Lhose whose names are noL menLloned buL who dellvered
lmporLanL help ln brlnglng ouL Lhls reporL



SldharLh 1hapllyal
LCL flnal year

When !ullus Caesar senL messages Lo hls generals he dldn'L LrusL hls messengers
So he replaced every A ln hls messages wlLh a u every 8 wlLh an L and so on
Lhrough Lhe alphabeL Cnly someone who knew Lhe shlfL by 3" rule could
declpher hls messages
And so we begln

What |s cryptography?
ctyptoqtopby ls Lhe sclence of uslng maLhemaLlcs Lo encrypL and decrypL daLa
CrypLography enables you Lo sLore senslLlve lnformaLlon or LransmlL lL across
lnsecure neLworks (llke Lhe lnLerneL) so LhaL lL cannoL be read by anyone excepL
Lhe lnLended reclplenL
Whlle crypLography ls Lhe sclence of securlng daLa ctyptooolysls ls Lhe sclence
of analyzlng and breaklng secure communlcaLlon Classlcal crypLanalysls lnvolves
an lnLeresLlng comblnaLlon of analyLlcal reasonlng appllcaLlon of maLhemaLlcal
Lools paLLern flndlng paLlence deLermlnaLlon and luck
CrypLanalysLs are also called ottockets
ctyptoloqy embraces boLh crypLography and crypLanalysls




crypt|o a crypt|o

crypt|o a crypt|o
uaLa LhaL can be read and undersLood wlLhouL any speclal measures ls called
plolotext or cleottext 1he meLhod of dlsgulslng plalnLexL ln such a way as Lo hlde
lLs subsLance ls called eoctyptloo LncrypLlng plalnLexL resulLs ln unreadable
glbberlsh called clpbettext ?ou use encrypLlon Lo ensure LhaL lnformaLlon ls
hldden from anyone for whom lL ls noL lnLended even Lhose who can see Lhe
encrypLed daLa 1he process of reverLlng clpherLexL Lo lLs orlglnal plalnLexL ls
called Jectyptloo

ow os cryptography work?
A ctyptoqtopblc olqotltbm or clpbet ls a maLhemaLlcal funcLlon used ln Lhe
encrypLlon and decrypLlon process A crypLographlc algorlLhm works ln
comblnaLlon wlLh a keya word number or phraseLo encrypL Lhe plalnLexL
1he same plalnLexL encrypLs Lo dlfferenL clpherLexL wlLh dlfferenL keys 1he
securlLy of encrypLed daLa ls enLlrely dependenL on Lwo Lhlngs Lhe sLrengLh of
Lhe crypLographlc algorlLhm and Lhe secrecy of Lhe key
A crypLographlc algorlLhm plus all posslble keys and all Lhe proLocols LhaL make lL
work comprlse a ctyptosystem

ot|oa| cryptography
ln convenLlonal crypLography also called sectetkey or symmettlckey encrypLlon
one key ls used boLh for encrypLlon and decrypLlon




ot|oa| crypt|o

or example lf we encode Lhe word SLC8L1" uslng key value of 3
we offseL Lhe alphabeL so LhaL Lhe 3rd leLLer down (u) beglns Lhe alphabeL
So sLarLlng wlLh
A8CuLCPl!kLMnCC8S1uvWx?Z
and slldlng everyLhlng up by 3 you geL
uLCPl!kLMnCC8S1uvWx?ZA8C
where uA L8 C and so on


uslng Lhls scheme Lhe plalnLexL SLC8L1" encrypLs as vPuPW" 1o
allow someone else Lo read Lhe clpherLexL you Lell Lhem LhaL Lhe key ls 3

y maagmt a cot|oa| crypt|o
ConvenLlonal encrypLlon has beneflLs lL ls very fasL lL ls especlally useful for
encrypLlng daLa LhaL ls noL qoloq anywhere Powever convenLlonal encrypLlon
alone as a means for LransmlLLlng secure daLa can be qulLe expenslve slmply due
Lo Lhe dlfflculLy of secure key dlsLrlbuLlon 8ecall a characLer from your favorlLe
spy movle Lhe person wlLh a locked brlefcase handcuffed Lo hls or her wrlsL
WhaL ls ln Lhe brlefcase anyway? lL's probably noL Lhe mlsslle launch
code/bloLoxln formula/lnvaslon plan lLself lL's Lhe key LhaL wlll decrypL Lhe secreL
daLa or a sender and reclplenL Lo communlcaLe securely uslng convenLlonal
encrypLlon Lhey musL agree upon a key and keep lL secreL beLween Lhemselves lf
Lhey are ln dlfferenL physlcal locaLlons Lhey musL LrusL a courler Lhe 8aL hone
or some oLher secure communlcaLlon medlum Lo prevenL Lhe dlsclosure of Lhe
secreL key durlng Lransmlsslon Anyone who overhears or lnLercepLs Lhe key ln
LranslL can laLer read modlfy and forge all lnformaLlon encrypLed or
auLhenLlcaLed wlLh LhaL key rom uLS Lo CapLaln MldnlghL's SecreL uecoder 8lng
Lhe perslsLenL problem wlLh convenLlonal encrypLlon ls key Jlsttlbotloo how do
you geL Lhe key Lo Lhe reclplenL wlLhouL someone lnLercepLlng lL?
9||c ky cryptography
1he problems of key dlsLrlbuLlon are solved by pobllc key ctyptoqtopby Lhe
concepL of whlch was lnLroduced by WhlLfleld ulffle and MarLln Pellman ln
1973
ubllc key crypLography ls an asymmeLrlc scheme LhaL uses a polt of keys for
encrypLlon a pobllc key whlch encrypLs daLa and a correspondlng ptlvote or
sectet key for decrypLlon ?ou publlsh your publlc key Lo Lhe world whlle
keeplng your prlvaLe key secreL Anyone wlLh a copy of your publlc key can Lhen
encrypL lnformaLlon LhaL only you can read Lven people you have never meL
lL ls compuLaLlonally lnfeaslble Lo deduce Lhe prlvaLe key from Lhe publlc key
Anyone who has a publlc key can encrypL lnformaLlon buL cannoL decrypL lL
Cnly Lhe person who has Lhe correspondlng prlvaLe key can decrypL Lhe
lnformaLlon



9||c ky crypt|o

1he prlmary beneflL of publlc key crypLography ls LhaL lL allows people who have
no preexlsLlng securlLy arrangemenL Lo exchange messages securely 1he need for
sender and recelver Lo share secreL keys vla some secure channel ls ellmlnaLed all
communlcaLlons lnvolve only publlc keys and no prlvaLe key ls ever LransmlLLed
or shared
8ecause convenLlonal crypLography was once Lhe only avallable means for
relaylng secreL lnformaLlon Lhe expense of secure channels and key dlsLrlbuLlon
relegaLed lLs use only Lo Lhose who could afford lL such as governmenLs and large
banks (or small chlldren wlLh secreL decoder rlngs) ubllc key encrypLlon ls Lhe
Lechnologlcal revoluLlon LhaL provldes sLrong crypLography Lo Lhe adulL masses

ys
A key ls a value LhaL works wlLh a crypLographlc algorlLhm Lo produce a speclflc
clpherLexL keys are baslcally really really really blg numbers key slze ls
measured ln blLs Lhe number represenLlng a 1024blL key ls darn huge ln publlc
key crypLography Lhe blgger Lhe key Lhe more secure Lhe clpherLexL Powever
publlc key slze and convenLlonal crypLography's secreL key slze are LoLally
unrelaLed A convenLlonal 80blL key has Lhe equlvalenL sLrengLh of 1024blL
publlc key A convenLlonal 128blL key ls equlvalenL Lo a 3000blL publlc key
Agaln Lhe blgger Lhe key Lhe more securebuL Lhe algorlLhms used for each Lype
of crypLography are very dlfferenL
Whlle Lhe publlc and prlvaLe keys are relaLed lL's very dlfflculL Lo derlve Lhe
prlvaLe key glven only Lhe publlc key however derlvlng Lhe prlvaLe key ls
always posslble glven enough Llme and compuLlng power 1hls makes lL very
lmporLanL Lo plck keys of Lhe rlghL slze large enough Lo be secure buL small
enough Lo be applled falrly qulckly AddlLlonally you need Lo conslder who
mlghL be Lrylng Lo read your flles how deLermlned Lhey are how much Llme
Lhey have and whaL Lhelr resources mlghL be
Larger keys wlll be crypLographlcally secure for a longer perlod of Llme lf
whaL you wanL Lo encrypL needs Lo be hldden for many years you mlghL wanL
Lo use a very large key

|g|ta| S|gatr
uslng ulglLal slgnaLure a message can be slgned by a devlce uslng lLs prlvaLe key
Lo ensure auLhenLlclLy of Lhe message Any devlce LhaL has goL Lhe access Lo Lhe
publlc key of Lhe slgned devlce can verlfy Lhe slgnaLure 1hus Lhe devlce recelvlng
Lhe message can ensure LhaL Lhe message ls lndeed slgned by Lhe lnLended devlce
and ls noL modlfled durlng Lhe LranslL lf any Lhe daLa or slgnaLure ls modlfled Lhe
slgnaLure verlflcaLlon falls

or eg lf a devlce A need Lo ensure Lhe auLhenLlclLy of lLs message Lhe devlce A
slgns lLs message uslng lLs prlvaLe key A 1he devlce A wlll Lhen send Lhe message
'Msg' and slgnaLure 'Sgn' Lo devlce 8 1he devlce 8 on recelvlng Lhe message can
verlfy Lhe message uslng A's publlc key uA and Lhere by ensurlng LhaL Lhe
message ls lndeed senL by A and ls also noL Lampered durlng Lhe LranslL Slnce
only Lhe devlce A knows lLs prlvaLe A key lL ls lmposslble for any oLher devlce Lo
forge Lhe slgnaLure



ash fct|os
1he sysLem descrlbed above has some problems lL ls slow and lL produces an
enormous volume of daLaaL leasL double Lhe slze of Lhe orlglnal lnformaLlon
An lmprovemenL on Lhe above scheme ls Lhe addlLlon of a oneway bos fooctloo
ln Lhe process A oneway hash funcLlon Lakes varlablelengLh lnpuLln Lhls case
a message of any lengLh even Lhousands or mllllons of blLsand produces a
flxedlengLh ouLpuL say 160blLs 1he hash funcLlon ensures LhaL lf Lhe
lnformaLlon ls changed ln any wayeven by [usL one blLan enLlrely dlfferenL
ouLpuL value ls produced
As long as a secure hash funcLlon ls used Lhere ls no way Lo Lake someones
slgnaLure from one documenL and aLLach lL Lo anoLher or Lo alLer a slgned
message ln any way 1he sllghLesL change ln a slgned documenL wlll cause Lhe
dlglLal slgnaLure verlflcaLlon process Lo fall

Scr |g|ta| s|gatrs
|g|ta| crt|f|cats
Cne lssue wlLh publlc key crypLosysLems ls LhaL users musL be consLanLly
vlgllanL Lo ensure LhaL Lhey are encrypLlng Lo Lhe correcL person's key ln an
envlronmenL where lL ls safe Lo freely exchange keys vla publlc servers
moolotbemlJJle aLLacks are a poLenLlal LhreaL ln Lhls Lype of aLLack someone
posLs a phony key wlLh Lhe name and user lu of Lhe user's lnLended reclplenL
uaLa encrypLed Lo and lnLercepLed byLhe Lrue owner of Lhls bogus key ls
now ln Lhe wrong hands
ln a publlc key envlronmenL lL ls vlLal LhaL you are assured LhaL Lhe publlc key
Lo whlch you are encrypLlng daLa ls ln facL Lhe publlc key of Lhe lnLended
reclplenL and noL a forgery ?ou could slmply encrypL only Lo Lhose keys whlch
have been physlcally handed Lo you 8uL suppose you need Lo exchange
lnformaLlon wlLh people you have never meL how can you Lell LhaL you have
Lhe correcL key?
ulqltol cettlflcotes or cetts slmpllfy Lhe Lask of esLabllshlng wheLher a key Lruly
belongs Lo Lhe purporLed owner
A dlglLal cerLlflcaLe ls daLa LhaL funcLlons much llke a physlcal cerLlflcaLe A
dlglLal cerLlflcaLe ls lnformaLlon lncluded wlLh a person's publlc key LhaL helps
oLhers verlfy LhaL a key ls genulne or vollJ ulglLal cerLlflcaLes are used Lo
LhwarL aLLempLs Lo subsLlLuLe one person's key for anoLher
A dlglLal cerLlflcaLe conslsLs of Lhree Lhlngs
- A publlc key
- CerLlflcaLe lnformaLlon (ldenLlLy" lnformaLlon abouL Lhe user such as
name user lu and so on)
- Cne or more dlglLal slgnaLures
1he purpose of Lhe dlglLal slgnaLure on a cerLlflcaLe ls Lo sLaLe LhaL Lhe
cerLlflcaLe lnformaLlon has been aLLesLed Lo by some oLher person or enLlLy 1he
dlglLal slgnaLure does noL aLLesL Lo Lhe auLhenLlclLy of Lhe cerLlflcaLe as a whole
lL vouches only LhaL Lhe slgned ldenLlLy lnformaLlon goes along wlLh or ls
boooJ to Lhe publlc key

Ia|||ty a trst
Lvery user ln a publlc key sysLem ls vulnerable Lo mlsLaklng a phony key
(cerLlflcaLe) for a real one IollJlty ls confldence LhaL a publlc key cerLlflcaLe
belongs Lo lLs purporLed owner valldlLy ls essenLlal ln a publlc key
envlronmenL where you musL consLanLly esLabllsh wheLher or noL a parLlcular
cerLlflcaLe ls auLhenLlc
When you've assured yourself LhaL a cerLlflcaLe belonglng Lo someone else ls
valld you can slgn Lhe copy on your keyrlng Lo aLLesL Lo Lhe facL LhaL you've
checked Lhe cerLlflcaLe and LhaL lL's a good one lf you wanL oLhers Lo know LhaL
you gave Lhe cerLlflcaLe your sLamp of approval you can exporL Lhe slgnaLure
Lo a cerLlflcaLe server so LhaL oLhers can see lL
Some companles deslgnaLe one or more cettlflcotloo Aotbotltles (cA) whose
[ob lL ls Lo go around and check Lhe valldlLy of all Lhe cerLlflcaLes ln Lhe
organlzaLlon and Lhen slgn Lhe good ones 1he CA ls Lhe Crand oohbah of
valldaLlon ln an organlzaLlon whom everyone LrusLs and ln some publlc key
envlronmenLs no cerLlflcaLe ls consldered valld unless lL has been aLLesLed Lo
by a CA

hck|g a|||ty
Cne way Lo esLabllsh valldlLy ls Lo go Lhrough some manual process 1here are
several ways Lo accompllsh Lhls ?ou could requlre your lnLended reclplenL Lo
physlcally hand you a copy of hls or her publlc key 8uL Lhls ls ofLen
lnconvenlenL and lnefflclenL
AnoLher way ls Lo manually check Lhe cerLlflcaLe's floqetptlot !usL as every
human's flngerprlnLs are unlque every C cerLlflcaLe's flngerprlnL ls unlque
1he flngerprlnL ls a hash of Lhe user's cerLlflcaLe and appears as one of Lhe
cerLlflcaLe's properLles ?ou can check LhaL a cerLlflcaLe ls valld by calllng Lhe
key's owner (so LhaL you orlglnaLe Lhe LransacLlon) and asklng Lhe owner Lo
read hls or her key's flngerprlnL Lo you and verlfylng LhaL flngerprlnL agalnsL
Lhe one you belleve Lo be Lhe real one 1hls works lf you know Lhe owner's
volce buL how do you manually verlfy Lhe ldenLlLy of someone you don'L
know? Some people puL Lhe flngerprlnL of Lhelr key on Lhelr buslness cards for
Lhls very reason
AnoLher way Lo esLabllsh valldlLy of someone's cerLlflcaLe ls Lo ttost LhaL a Lhlrd
lndlvldual has gone Lhrough Lhe process of valldaLlng lL
A CA for example ls responslble for ensurlng LhaL prlor Lo asslgnlng valldlLy
Lo a cerLlflcaLe he or she carefully checks lL Lo be sure lL belongs Lo Lhe
purporLed owner Anyone who LrusLs Lhe CA wlll auLomaLlcally conslder any
cerLlflcaLes valldaLed by Lhe CA Lo be valld



ow to protct pr|at kys from |sc|osr
roLecL your own prlvaLe key and your passphrase very carefully lf your
prlvaLe key ls ever compromlsed you'd beLLer geL Lhe word ouL qulckly Lo all
lnLeresLed parLles before someone else uses lL Lo make slgnaLures ln your name
or example someone could use lL Lo slgn bogus publlc key cerLlflcaLes whlch
could creaLe problems for many people especlally lf your slgnaLure ls wldely
LrusLed And of course a compromlse of your own prlvaLe key could expose
all messages senL Lo you
1o proLecL your prlvaLe key you can sLarL by always keeplng physlcal conLrol
of lL keeplng lL on your personal compuLer aL home ls Ck or keep lL ln your
noLebook compuLer LhaL you can carry wlLh you lf you musL use an offlce
compuLer LhaL you don'L always have physlcal conLrol of Lhen keep your
publlc and prlvaLe keyrlngs on a wrlLeproLecLed removable floppy dlsk and
don'L leave lL behlnd when you leave Lhe offlce lL wouldn'L be a good ldea Lo
allow your prlvaLe key Lo reslde on a remoLe Llmesharlng compuLer such as a
remoLe dlalln unlx sysLem Someone could eavesdrop on your modem llne
and capLure your passphrase and Lhen obLaln your acLual prlvaLe key from Lhe
remoLe sysLem ?ou should only use your prlvaLe key on a machlne LhaL ls
under your physlcal conLrol
uon'L sLore your passphrase anywhere on Lhe compuLer LhaL has your prlvaLe
key flle SLorlng boLh Lhe prlvaLe key and Lhe passphrase on Lhe same compuLer
ls as dangerous as keeplng your ln ln Lhe same walleL as your AuLomaLlc
1eller Machlne bank card ?ou don'L wanL somebody Lo geL Lhelr hands on
your dlsk conLalnlng boLh Lhe passphrase and Lhe prlvaLe key flle lL would be
mosL secure lf you [usL memorlze your passphrase and don'L sLore lL anywhere
buL your braln lf you feel you musL wrlLe down your passphrase keep lL well
proLecLed perhaps even beLLer proLecLed Lhan Lhe prlvaLe key flle
And keep backup coples of your prlvaLe keyremember you have Lhe only
copy of your prlvaLe key and loslng lL wlll render useless all Lhe coples of your
publlc key LhaL you have spread LhroughouL Lhe world
1he decenLrallzed nonlnsLlLuLlonal approach LhaL C supporLs for
managemenL of publlc keys has lLs beneflLs buL unforLunaLely lL also means
LhaL you can'L rely on a slngle cenLrallzed llsL of whlch keys have been
compromlsed 1hls makes lL a blL harder Lo conLaln Lhe damage of a prlvaLe key
compromlse ?ou [usL have Lo spread Lhe word and hope LhaL everyone hears
abouL lL
lf Lhe worsL case happensyour prlvaLe key and passphrase are boLh
compromlsed (hopefully you wlll flnd Lhls ouL somehow)you wlll have Lo
lssue a key revocaLlon" cerLlflcaLe 1hls klnd of cerLlflcaLe ls used Lo warn
oLher people Lo sLop uslng your publlc key ?ou can use C Lo creaLe such a
cerLlflcaLe by uslng Lhe 8evoke command from Lhe Ckeys menu or by
havlng your ueslgnaLed 8evoker do lL for you 1hen you musL send Lhls Lo a
cerLlflcaLe server so oLhers can flnd lL 1helr own C sofLware lnsLalls Lhls key
revocaLlon cerLlflcaLe on Lhelr publlc keyrlngs and auLomaLlcally prevenLs
Lhem from accldenLally uslng your publlc key ever agaln ?ou can Lhen
generaLe a new prlvaLe/publlc key palr and publlsh Lhe new publlc key ?ou
could send ouL one package conLalnlng boLh your new publlc key and Lhe key
revocaLlon cerLlflcaLe for your old key