***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***

Posts

    Latest Updates

    Sunday, April 24, 2022

    Cryptography

    Cryptography is the study and practice of techniques for secure communication in the presence of third parties called adversaries. It deals with developing and analyzing protocols which prevents malicious third parties from retrieving information being shared between two entities thereby following the various aspects of information security. In Cryptography, an Adversary is a malicious entity, which aims to retrieve precious information or data thereby undermining the principles of information security.

    Data Confidentiality, Data Integrity, Authentication and Non-repudiation are core principles of modern-day cryptography.

    1. Confidentiality refers to certain rules and guidelines usually executed under confidentiality agreements which ensure that the information is restricted to certain people or places.
    2. Data integrity refers to maintaining and making sure that the data stays accurate and consistent over its entire life cycle.
    3. Authentication is the process of making sure that the piece of data being claimed by the user belongs to it.
    4. Non-repudiation refers to ability to make sure that a person or a party associated with a contract or a communication cannot deny the authenticity of their signature over their document or the sending of a message.

    Cryptography is classified into symmetric cryptography, asymmetric cryptography and hashing.

    Ø  Symmetric key cryptography –
    It involves usage of one secret key along with encryption and decryption algorithms which help in securing the contents of the message. The strength of symmetric key cryptography depends upon the number of key bits. It is relatively faster than asymmetric key cryptography. There arises a key distribution problem as the key has to be transferred from the sender to receiver through a secure channel.


    The encryption and decryption process uses the same key. It is also called as secret key cryptography. The main features of symmetric cryptography are as follows −

    • It is simpler and faster.
    • The two parties exchange the key in a secure way.

    The major drawback of symmetric cryptography is that if the key is leaked to the intruder, the message can be easily changed and this is considered as a risk factor.

    There are two types of symmetric encryption algorithms:

    1. Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits for complete blocks.
    2. Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s memory.

    Some examples of symmetric encryption algorithms include:

    • AES (Advanced Encryption Standard)
    • DES (Data Encryption Standard)
    • IDEA (International Data Encryption Algorithm)
    • Blowfish (Drop-in replacement for DES or IDEA)
    • RC4 (Rivest Cipher 4)
    • RC5 (Rivest Cipher 5)
    • RC6 (Rivest Cipher 6)

    AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is stream cipher.

    The most popular symmetric key algorithm is Data Encryption Standard (DES).

    Some examples of where symmetric cryptography is used are:

    • Payment applications, such as card transactions where PII needs to be protected to prevent identity theft or fraudulent charges
    • Validations to confirm that the sender of a message is who he claims to be
    • Random number generation or hashing

    Ø  Asymmetric key cryptography –

    It is also known as public key cryptography because it involves usage of a public key along with secret key. It solves the problem of key distribution as both parties uses different keys for encryption/decryption. It is not feasible to use for decrypting bulk messages as it is very slow compared to symmetric key cryptography.


    Advantages of using asymmetric encryption include:

    • Key distribution not necessary: securing key distribution channels has long been a headache in cryptography. Asymmetric encryption eliminates key distribution entirelyThe needed public keys are exchanged through public-key servers, and the disclosure of public keys is not, at this time, detrimental to the security of encrypted messages, because they cannot be used to derive private keys.
    • Exchange of private keys not necessary: with asymmetric encryption, private keys should remain stored in a secure location and thus private to the entities using them. Basically, the keys needed to decrypt sensitive information are never, and should not ever be, exchanged over a potentially compromised communication channel, and that’s a major plus for the security and integrity of encrypted messages.
    • Digital signature/message authentication: with asymmetric encryption, senders can use their private keys to digitally sign and verify that a message or file originated from them and not an untrusted third party.

    Drawbacks

    • Due to its key length, it contributes lower encryption speed.
    • Key management is crucial.

    Examples of asymmetric encryption include:

    • Rivest Shamir Adleman (RSA)
    • the Digital Signature Standard (DSS), which incorporates the Digital Signature Algorithm (DSA)
    • Elliptical Curve Cryptography (ECC)
    • the Diffie-Hellman exchange method
    • TLS/SSL protocol


    No comments:

    Post a Comment

    Network session analysis

    Network session analysis Network session analysis is a method of monitoring network activity and availability to identify issues, such as ...