Information Security Using Cryptography Information Technology Essay

Information Security Using cryptograph Information Technology EssayThis paper aims to stick out a f be review of Information trade treasureion and steganography, Information credential centre defend discipline and teaching systems from un certain pull back to (PROXY SERVERS), employ, disclosure, disruption, modification, or destruction. Goernments, military, financial institutions, hospitals, and snobbish businesses amass a great deal of cloak-and-dagger reading or so their employees, customers, harvest-tides, research, and financial status. defend confidential culture is a business dealment, and in m all cases as well an ethical and legal requirement.SECURITY in this contemporary scenarios has become a more(prenominal) sensible issue either it whitethorn be in the REAL WORLD or in the CYBER WORLD. In the real area as opposed to the cyber world an flak catcher is practic altogethery preceded by training gathering. This is also true in the cyber world. Here the ruffianly guys are referred to as intruders, hackers, hijackers, etc. The intruders would first gear have a birds-eye view of the victims net do break down and then start digging the holes. One of the system for protecting information from hackers is CryptographyCryptography defined as the intelligence and study of secret writing, concerns the ways in which communications and data evict be encoded to prevent disclosure of their contents through pass on interception, victimization codes autographs and a nonher(prenominal) methods, so that wholly certain people nominate bump the real pass on. encoding transfigures original information, called plain schoolbookbook, into transform information, called consider text, code text or simply cipher, which usually has the appearance of random, turbid data. Encryption provides confidentiality, oneness and authenticity of the information transferred from A to B.INTRODUCTIONThe objective of this paper is to provide the r eader with an insight into recent developments in the field of secret writing. Cryptography was utilise as a tool to protect national secrets and strategies. The proliferation of information processing systems and communications systems in the 1960s brought with it a demand from the private sector for intend to protect information in digital form and to provide hallmark attends. DES, the entropy Encryption Standard, is the most well- concern outn cryptologic mechanism. It remains the standard means for securing electronic commerce for many financial institutions around the world. The most strike development in the history of cryptography came in 1976 when Diffie and Hellmann troubleed new-fashioned Directions in Cryptography. The word cryptography comes from a Greek word which means hidden or secret. It is considered as a miraculous boon that go out solve all the calculator surety measure problems. It is also referred to as knowledge of secret writing. The objectiv e is to provide guarantor to the appropriate layer among the seven layers of nedeucerking infrastructure. This topic thunder mug be dealt mathematically also. But our focus is on cyber applications and its vitality. While cryptographers work on inventing clever secret codes, cryptanalysts attempt to ascertain these codes. Cryptology encompasses both the subjects. Symantec is launching Norton 360 in India, an online digital security solutions service that could be paid for on basis of actual usage. The company which has conf employ products to provide information security and retrieval of telld information, is also now into providing a regulatory compliances services. This is a sentence published in the famous report The HINDU .This is anexcellent evidence to support the sentence Ne twainrk security is extremely essential.Two entities A and B wish to work over a serious network . just now an intruder interrupts and shares their secrets without their knowledge. straight cryp tography has the powerfulness to unhorse information between entities in a way that prevents others from practice session it. For instance If the original contentedness was GIVE TWO MILLION he would have encoded the message with SHIFT BY 3 and so the message would now be JLYHWZRPLOORQ which is obviously in an unreadable format unless you know the method of deciphering.BASIC PRINCIPLESKey conceptsFor over twenty years information security has held that confidentiality, law and availability (known as the CIA Triad) are the core principles of information security.CIA TRAIDConfidentialityConfidentiality is a requisite for maintaining the privacy of the people whose personal information the government holds. Information that is considered to be confidential in nature essential only be accessed, physical exercised, copied, or disclosed by persons who have been authorized to access, white plague, copy, or disclose the information, and then only when there is a genuine indispensa bility to access, use, copy or disclose the information.A breach of confidentiality occurs when information that is considered to be confidential in nature has been, or may have been, accessed, use, copied, or disclosed to, or by, someone who was not authorized to have access to the information.IntegrityIn information security, integrity means that data can not be created, changed, or deleted without authorization. A loss of integrity occurs when an employee accidentally, or with malicious intent, deletes big data files. A loss of integrity can occur if a computer virus is released onto the computer. A loss of integrity can occur when an on-line shopper is able to change the price of the product they are purchasing.AvailabilityThe concept of availability means that the information, the computing systems apply to edge the information, and the security controls used to protect the information are all available and give outing correctly when the information is require.Defense in reasonablenessDuring its life time, information may pass through many distinguishable parts of information processing systems. There are many unalike ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms.The building up, layering on and overlapping of security measures is called defense in prescience. Additional insight into defense in depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people as the outer layer of the onion, and network security, host-based security and applications security forming the inner layers of the onionCRYPTOGRAPHYOVERVIEWSecurity ConcernsSecurity Attacks geological faultInterceptionModification finesseMethods of defenseEncryptionSoftware ControlsHardware Controls somatic ControlsEncryptionCryptographyCryptanalysisEncryption algorithm typesAsym metric trigonalCryptographic AlgorithmsSecret detectPublic primordialHash diesHistory-Caesar cipherA unsubdivided substitution cipherPolyalphabetic substitution exampleUses of encodingApplications of cryptographySecurity ConcernsUnauthorized access to resources.Masquerade as authorized user or endsystem.E-mail forgery.Malicious attacks.Monitoring and overhear of network traffic.Exploitation of software bugsContributing FactorsIncreased Internet useHome broadband,Greater coverage (wired and wireless)More ubiquitous on-line useEducation,Business,Games,ShoppingLack of awareness of threats and risks.Wide-open network policies.Un enrolled network traffic. complexity of security measurements andadministration.Software bugs.Availability of cracking tools.Security AttacksInterruption This is an attack onAvailability.Interception This is an attack onconfidentiality.Modification This is an attack onintegrity.Fabrication This is an attack onauthenticity.Methods of defenseEncryption Encr yption is get wind change technology to implement computer security.Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user, who possesses the cryptanalytic let on, through the process of traceion. Cryptography is used in information security to protect information from unauthorized or accidental discloser while the information is in transit (either electronically or physically) and while information is in storageCryptography can introduce security problems when it is not utilize correctly. The length and strength of the encryption tonality is also an important consideration. A headstone that is weak or too short will gravel weak encryption. The come upons used for encryption and decipherment must be protect with the same degree of rigor as any other confidential information.What is cryptography?Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure net whole kit and caboodle (like the Internet) so that it cannot be read by anyone except the think recipient.While cryptography is the science of securing data, coding is the science of analyzing and breaking secure communication.Cryptology embraces both cryptography and cryptanalysis.Strong cryptographyThere are two kinds of cryptography in this world cryptography that will shutdown your kid sister from reading your files, and cryptography that will stop study governments from reading your files.Cryptographic strength is measured in the time and resources it would require to recover the plaintext. The result of strong cryptography is cipher text that is truly difficult to decipher without possession of the appropriate decoding tool.H ow does cryptography work?A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key-a word, design, or phrase-to encrypt the plaintext. The same plaintext encrypts to divers(prenominal) cipher text with divers(prenominal) keys. The security of encrypted data is entirely mutualist on two things the strength of the cryptographic algorithm and the secrecy of the key. A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem.Conventional cryptographyIn conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption.Encryption and decryptionData that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintex t results in unreadable gibber called cipher text. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption.This could be illustrated using the following diagram001010010111001100101001011001001011100100101Encryption and decryptionWhy Cryptography?Concerned with developing algorithms which may be used toConceal the context of some message from all except the transmitter and recipient (privacy or secrecy), and/orVerify the correctness of a message to the recipient (authentication)Forms the basis of many technological solutions to computer and communications security problemsElements of cryptographyIn cryptographic terminology, the message is called plaintext or clear text. encode the contents of the message in such a way that hides its contents from outsiders is called encryption.A method of encryption and decryption is called a cipher The make water cipher originates from the Hebrew word Saphar, meaning to number.The encrypted message is called the cipher text.The process of retrieving the plaintext from the cipher text is called decryption.Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key.CryptanalysisThe study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key is called Cryptanalysis. as well called code breaking sometimes.Whereas people who do cryptography are cryptographers and practitioners of cryptanalysis are cryptanalysts.CryptologyCryptology is the branch of mathematics that studies the mathematical foundations of cryptographic methods.Cryptology comes from the Greek words Krypton, meaning hidden, and Graphen, meaning to write. Cryptology is in reality the study of codes and ciphers.Cryptology = both cryptogr aphy and cryptanalysis.The KeyAll unexampled algorithms use a key to control encryption and decryption a message can be decrypted only if the key matches the encryption key.The key used for decryption can be different from the encryption key, but for most algorithms they are the same.Encryption Algorithm Types There are two classes of key-based algorithmsSymmetric (or secret-key)Asymmetric (or public-key) algorithmsThe difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas unsymmetrical algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.Asymmetric Algorithms public keyPublic key cryptography is an asymmetric scheme that uses a pair of keys for encryption a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. eitherone with a copy of your public key can then encrypt information that only you can read. Even people you have neer met.It is computationally infeasible to deduce the private key from the public key. Any one who has a public key can encrypt the information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to fill in messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated all communications involve only public keys, and no private key is ever transmitted or shared.Public key algorithmSymmetric AlgorithmsSymmetric algorithms can be divided into two categories (1) stream ciphers and (2) block ciphers.Stream ciphers can encrypt a star bit/byte of plaintext at a time, whereas Block ciphers detract a number of bits (typically 64 b its in modern ciphers), and encrypt them as a single unit.Secret key and Public keyHash functionsAn improvement on the above scheme is the addition of a one-way hash function in the process. A one-way hash function takes variable-length input-in this case, a message of any length, even thousands or millions of bits-and produces a fixed-length output say, 160-bits. The hash function ensures that, if the information is changed in any way-even by just one bit-an entirely different output value is produced.As long as a secure hash function is used, there is no way to take someones signature from one document and attach it to another, or to alter a signed message in any way. The slightest change in a signed document will cause the digital signature stop process to fail.Hash FunctionsHistory Caesar CipherJulius Caesar used a simple alphabet (letter) substitution, offset by 3 letters.Taking the word cipher you would move ahead in the alphabet 3 letters to get FLSKHU.c =3 3+3 = 6 Fi =9 9+3 = 12 Lp =16 16+3 = 19 Sh =8 8+3 = 11 Ke =5 5+3 = 8 Hr =18 18+3= 21 UThis worked for a while, until more people learned to read and analyze his secret cipher.A Simple Substitution CipherPlaintextabcdefghijklmnopqrstuvwxyzQIAYMWFUBKPDGJZSOCVLXNETRHCipher textPolyalphabetic Substitution ExampleSuppose that a polyalphabetic cipher of period 3 is being used, with the collar monoalphabetic ciphers M1, M2, M3 as defined below. To encrypt a message, the first 3 letters of the plaintext are enciphered according to ciphers M1, M2, M3 respectively, with the process being repeat for each subsequent block of 3 plaintext letters.a b c d e f g h i j k l m n o p q r s t u v w x y zM1 K D N H P A W X C Z I M Q J B Y E T U G V R F O S LM2 P A G U K H J B Y D S O E M Q N W F Z I T C V L X RM3 J M F Z R N L D O W G I A K E S U C Q V H Y X T P BPlaintextNow is the time for every good manCiphertextJCQ CZ VXK VCER AQC PCRTX LBQZ QPKNoteThe two os in good have been enciphered as different l etters. Also the three letters X in the cipher text represent different letters in the plaintextUses of Encryption Protecting data from prying look is not the only security issue in networking.One can imagine at least four security servicesProtecting data from being read by unauthorized personsVerifying the sender of each message (authentication)Preventing unauthorized persons from inserting or deleting messagesMaking it possible for users to send signed documents electronicallyApplications of cryptographyDigital signatures have many applications in information security, including authentication, data integrity, and non-repudiation. One of the most significant applications of digital signatures is the certification of public keys in large networks. Certification is a means for a trusted third party (TTP) to bind the identity of a user to a public key, so that at some later time, other entities can authenticate a public key without assistance from a trusted third partyThere is a lot of information that we dont want other people to see. This can be achieved by cryptography such asCredit card informationPrivate arrangementSocial security numbersPersonal detailsSensitive company informationCONCLUSIONThus Information security measures are needed to protect data from hackers, when it is transmitted between terminal user and computer and between computer and computer and it is also necessary to protect the computer system when there is an attack of virus. The capability of security enabled components still lags slow the claims. Everyone has a different idea of what security is, and what levels of risk are acceptable. Its important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. As and when new security methods are developed, breaking of these methods has increased. So measures have to be taken to fill the loopholes, of which cryptography has and is playing a major role. Cryptography is evergre en and developments in this area are a better option.Basic security challenges in the corporate realm are not yet completely addressed. thus far the cumbersome combats devised against each of the security fissures, yet the cyber MAVERICKS all around the world are succeeding in their ways of perdition. This was quite evident from the E-attacks on BARC server post-September11th cyber attacks on FBI sites where even sophisticated surveillance systems couldnt come to their rescue. A case in point is that, E-ATTACKS are becoming notoriously one and only(prenominal) as compared with the traditional nuke-wars. Consequently, in the quench of thirst for more and more secured systems BIOMETRICS SYSTEM, QUANTUM CRYPTOGRAPHY and many more are innovatively being apply at a cumulative pace.