Cryptography for Information Security



Chapter XI

Cryptography for Information Security

Wasim A. Al-Hamdani
Kentucky State University, USA

ABSTRACT

This chapter introduces cryptography from an information security perspective rather than from deep mathematical and theoretical aspects, along with the applications of cryptography in information security. The chapter introduces classical cryptography, block and stream ciphers, and the public key family, together with more advanced systems such as elliptic curves, digital signatures, and cryptographic key management; the last part of the chapter covers the application of cryptography in protocols, communications, and e-mail, and the most advanced research topics.

INTRODUCTION

The word cryptography means “secret writing.” Some define “cryptography” as the “study of mathematical techniques.” Cryptography is a function that transforms “plain text” pt into “ciphertext” ct, and decryption is the inverse function that transforms “ciphertext” into “plain text.”

Cryptographic Goals

The goals of cryptography are privacy or confidentiality, data integrity, authentication, and nonrepudiation.

Cryptography Classification

Cryptosystems can be classified generally as “unkeyed” (a key is not required for encryption and decryption) and “keyed” (a key is required for encryption and decryption) algorithms. Unkeyed algorithms are classified further into “hash functions” (a method of turning data into a (relatively) small number that may serve as a digital “fingerprint” of the data) and “pseudorandom generators” (algorithms that generate a sequence of numbers approximating the properties of random numbers). Keyed algorithms are classified into “symmetric” key (“secret key”) algorithms (an identical key is used for encryption and decryption) and “asymmetric” (“public key”) algorithms (the keys for encryption and decryption are not identical). Symmetric algorithms are classified into: “block ciphers” (encryption and decryption are performed on a fixed-size block of plain text/ciphertext bits), “stream ciphers” (encryption and decryption are performed on a sequence of bits, one bit at a time), “digital signatures” (an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document), hash functions, pseudorandom generators, “identification” (identifying something; mapping a known entity to an unknown entity to make it known), and “authentication” (who or what it claims to be). Asymmetric algorithms are classified into: digital signatures, identification, and authentication. Symmetric algorithms can also be classified as “conventional” or “classical” and “modern” algorithms. The classical algorithms are classified into “transposition” and “substitution.” Another type of cryptography is called “hybrid,” which combines symmetric and asymmetric algorithms to form hybrid ciphers.

ATTACKS

Attacks on a cryptosystem are “passive attacks” (called “traffic analysis,” in which the intruder eavesdrops but does not modify the message stream) and “active attacks” (the intruder modifies (deletes, replays) the message) (Stallings, 2005). There are many different attacks, such as: “ciphertext-only attack” (the attacker has one or more ciphertext messages); “known-plain text attack” (the attacker has one or more plain text messages and the associated ciphertext messages); “chosen-plain text attack” (the attacker can choose a plain text message and find out the associated ciphertext message); “adaptive chosen-plain text attack” (similar to the chosen-plain text attack, but the ciphertext messages gathered by the attacker can be used to determine dynamically the choice of the next plain text message to work with); “chosen-ciphertext attack” (the attacker can choose a ciphertext message and find out the associated plain text message); “adaptive chosen-ciphertext attack” (similar to the chosen-ciphertext attack, but the plain text messages gathered by the attacker can be used to determine dynamically the choice of the next ciphertext message to work with); “frequency analysis” (attempts to break an encryption algorithm by studying the frequency of words and patterns in the ciphertext messages to figure out the encryption key; simple substitution and transposition ciphers are vulnerable to frequency analysis); “algebraic attack” (attempts to break an encryption algorithm by studying the mathematical structure of the algorithm); “analytic attack” (attempts to break an encryption algorithm by using algebraic manipulation to reduce the complexity); “statistical attack” (attempts to break an encryption algorithm by exploiting the statistical weaknesses in the design of the algorithm); “differential cryptanalysis” (a chosen-plain text attack that attempts to break an encryption algorithm by using pairs of plain text messages with specific differences between the two messages of each pair, and analyzing the effect of these differences on the associated ciphertext messages); “linear cryptanalysis” (a known-plain text attack that attempts to break an encryption algorithm by using linear approximations to describe the behavior of the algorithm); “meet-in-the-middle attack” (a known-plain text attack in which the attacker half-encrypts a plain text message with all possible first-half keys, half-decrypts the associated ciphertext message with all possible second-half keys, and hopes to get the same value); “man-in-the-middle attack” (an attacker is able to read, insert, and modify messages between two parties without either party knowing that the link between them has been compromised); “exhaustive key search” or “brute force attack” (decrypting a ciphertext message by trying every possible key value until the resulting plain text message is meaningful); and “birthday attack” (the probability that two or more people in a group of 23 share the same birthday is greater than 1/2; such a result is called a birthday paradox).

Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

MATHEMATICS BACKGROUND

Probability Theory

A probability distribution P on a sample space S is a sequence of numbers $P_1, P_2, \ldots, P_n$ that are all nonnegative and sum to 1. A probability distribution P on S is a function $P : S \to [0,1]$ such that $P(x_1) + P(x_2) + \cdots + P(x_n) = 1$. The number $P_i$ is the probability of $S_i$ being the outcome of the experiment. An event E is a subset of the sample space S. The probability that event E occurs is denoted P(E). Why do we need probability in cryptography? The study of probability is required for the birthday attack, statistical analysis, and classical attacks.

Birthday Problems

Given a group of people, what is the probability of two people in the group having the same birthday? For a group of 400 people, a shared birthday is guaranteed (a probability of one), since there are only 365 possible birthdays to go around. If there were only two people in the group, the chance that those two people share the same birthday is quite small (near 0). Generally, the birthday problem is solved using the equation

$$1 - \frac{(366)(366 - 1)(366 - 2)\cdots(366 - n)}{366^{n}}$$

Why do we need to know the birthday problem? It has been used in several attacks.
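The birthday problem is what bounds the collision resistance of a hash function, which is the basis of the birthday attack named earlier. The following is an added example, not part of the original chapter: it computes the shared-birthday probability with the standard product form, taking the number of possible birthdays as a parameter, and then goes beyond the text by locating a collision on SHA-256 truncated to 24 bits. The function names, the truncation length, and the constructed messages are assumptions of this example.

```python
import hashlib
import math


def birthday_probability(n: int, days: int = 365) -> float:
    """Probability that at least two of n people share a birthday."""
    if n > days:
        return 1.0  # pigeonhole: more people than possible birthdays
    p_distinct = 1.0
    for i in range(n):
        # the i-th person must avoid the i birthdays already taken
        p_distinct *= (days - i) / days
    return 1.0 - p_distinct


def smallest_group(target: float = 0.5, days: int = 365) -> int:
    """Smallest group size whose shared-birthday probability exceeds target."""
    n = 1
    while birthday_probability(n, days) <= target:
        n += 1
    return n


def truncated_digest(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short hash output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash constructed messages until two share a truncated digest.

    Returns (first_message, second_message, number_of_hashes_computed).
    """
    seen = {}
    counter = 0
    while True:
        msg = b"constructed-message-%d" % counter  # constructed sample input
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg
        counter += 1


if __name__ == "__main__":
    print("group size for p > 1/2:", smallest_group())
    first, second, hashes = find_collision(24)
    print(first, second, "collide after", hashes, "hashes;",
          "sqrt(2^24) =", math.isqrt(2 ** 24))
```

The collision turns up after a number of hashes on the order of the square root of the 2^24 possible outputs, which is why digest length, and not only the choice of algorithm, determines collision resistance.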


