Cryptography

Your organization's network may consist of intranets, Internet sites, and extranets -all of which are potentially susceptible to access by unauthorized individuals who may maliciously view or alter your digital information assets.
A well-planned Public Key Infrastructure (PKI) can help you to secure data and distribute and manage identification credentials across your organization.

Public key cryptography is an important technology for ecommerce, intranets, extranets, and Web-enabled applications. The two fundamental operations associated with public key cryptography include encryption and authentication.
Windows Network uses public key cryptography in areas such as smart card logon, encryption File System (EFS), and Internet Protocol Security (IPSec). Public key cryptography provides privacy through data encryption, whether the data is in the form of e-mail messages, credit-card numbers sent over the Internet, or network traffic. Because public keys can be posted freely, complete strangers can establish private communications over public networks merely by retrieving each other's public keys and encrypting the data.

Using Public Keys and Private Keys Public key encryption uses two keys that are mathematically related. A key is a random string-such as a number, ASCII value, word, or phrase-that is used in conjunction with an algorithm. For public key encryption, every user has a pair of mathematically related keys, including: A private key, which is kept confidential. A public key, which is freely given out to all potential correspondents.

Encrypting and Decrypting Text The fundamental property of public key encryption is that the encryption and decryption keys are different Encryption with a public key is a one-way function. When you encrypt a document with a public key, plaintext turns into cipher text. A decryption key, which is related but not identical to the encryption key, is needed to turn the cipher text back into plaintext. If someone intercepts an encrypted message in transmission, the message is in cipher text and is unreadable.

Digital Signatures A digital signature is a means for the originator of a message, file, or other digitally encoded information to bind his or her identity to the information. The signature itself is a sequence of bits appended to a digital document. A digital signature ensures that: Only someone possessing the private key could have created the digital signature. Anyone with access to the corresponding public key can verify the digital signature.

Digital envelope

A type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public-key encryption. This technique overcomes one of the problems of public-key encryption, which is that it is slower than symmetric encryption. Because only the key is protected with public-key encryption, there is very little overhead.
Digital envelope means (1) An encrypted message that uses both secret key and public key cryptography methods. A secret key is used to encrypt and decrypt the message, but the public key method is used to send the secret key to the other party. (2) A frame, or packet, of data that has been encrypted for transmission over a network. (3) A term occasionally used to describe inserting data into a packet or frame for transmission over a network. The envelope metaphor implies a container.

Hash Algorithms A digital signature uses an algorithm called a hash algorithm. Hash algorithms are designed to guarantee that if a single byte changes, processing the document generates a completely different hash. When a hash is encrypted by using a public key, any modification of the signed data invalidates the digital signature.

A certification authority (CA) is responsible for providing and assigning the keys for encryption, decryption, and authentication. A CA distributes keys by issuing certificates, which contain the public key and a set of attributes. A CA can issue certificates to a computer, a user account, or a service.

Certificates Certificates are signed documents that match public keys to other information, such as a name or an e-mail address. Certificates are signed by CAs that issues certificates. A CA's signature guarantees that the public key does indeed belong to the party that presents it. External and Internal CAs A CA can be an external issuing company, such as a large commercial CA that issues certificates to millions of users. Or a CA can be internal, such as department within a company that has installed its own server for issuing and verifying certificates. Each CA decides what attributes it includes in a certificate and what mechanism it uses to verify those attributes before issuing the certificate.

What is Encryption?
The process of rendering a message (or data) unusable to all but the intended recipients, who have the ability to decrypt it. Cryptography is the science of creating workable procedures for encrypting and decrypting messages. The goal is to ensure that a message intercepted by a distrusted user cannot be decrypted in a feasible amount of time.

It is the process of transforming plain text into unreadable form (called cipher text) using mathematical process/algorithm.

Method of Encryption and Transaction Security Secret-Key Encryption / Symmetric Encryption

Public-Key Encryption / Asymmetric Encryption

Comparing Secret-Key Encryption and Public-Key Encryption Methods Features

Number of Keys Types of Keys

Secret Key
Single key Key is secret

Public Key
Pair of keys

One key is private, and one key is public.

Key Management
Relative Speeds Usage

Simple but difficult to manage

Very fast Used for bulk data encryption

Need digital certificates and trusted third parties

Slower than Secret Key

Used for less demanding applications such as encrypting small documents or to sign messages.

Secret-Key Encryption
Anne (Sender)

Cipher Text

Cipher Text

Bob (Receiver)

Internet
Plain Text
Decrypt with Same secret key

Plain Text
Encrypt with secret key

Encryption Key = Decryption Key

Public-Key Encryption
Sender/ Buyer Cipher Text Cipher Text Receiver / Seller

Internet
Plain Text
Decrypt with Sellers Private key

Plain Text Encrypt with Sellers Public key

Public Key and Private Key are mathematically related.

A key is a random string such as a number, ASCII value, Word or Phrase that is used in conjunction with an algorithm.
Cryptographic security depends on three broad parameters viz: - Secrecy of the Key - Key Length - Strength of the cipher

The process of creating a digital signature using a hash function Figure => Send Message with Encryption at Transmitting End.

The process of verifying a digital signature created with a hash function Figure => Receive Message with Decryption at Receiving End.

Receiver Side

Sender Side

Key size, number of keys and time to break:

Key length in bits 2 Number of keys 4 4.3 billion 1.1 trillion Time to break Keys 0 2.9 millisecond 0.75 seconds 1.37 hours

Key Length
Key length is the third guarantor of cipher security. If the parties successfully protect keys and the cipher is strong, then it falls to key length to provide adequate security. In contemporary cryptography the key is a numerical value that is input to the cipher to cause it to encrypt the data in a unique way. For a strong cipher and a secure key, an opponent is forced to resort to trying all possible keys. If the key is long, it has many possible values, and the miscreant is faced with the difficult task of trying large number of combinations. Thus, security is closely related to the length of the key. Key length is usually given in bits. A key of n bits has 2n possible values. Depending on the cipher, today's commercial computers are able to try roughly a few trillion keys per second or 0.4583 * 1020 keys per year. The table below lists the number of keys and the estimate time it takes to break a key for various key lengths using conventional computers and contemporary ciphers.

32 40-DES 56 - Current US export limit 64 128 - Advanced Encryption Standard (AES) 256 512

7.2 thousand trillion

1.8 million trillion 3.4* 10 38 [34 followed by 37 zeros] 1.1 * 1077 [11 followed by 76 zeros] 1.3* 10 154 [13 followed by 153 zeros]

14.33 days 7.2 million trillion years 2.4* 1057 years [24 followed by 56 zeros] 2.8 * 10133 years [28 followed by 132 zeros]

1024

1.8 * 10308

4 * 10285 years

Hacking (Key Breaking) Speed of a standard powerful computer

Duration
Per Second

No. of Keys Generated / Recognize

14.5 * 1011

Per Hour
Per Day Per Year

52.32 * 1014
1.256 * 1017 (11/24) * 1020 = 0.4583 * 1020

Encryption Algorithm/Protocol
Public-Key Algorithm: RSA (Rivest-Shamir-Adelman) Diffie-Hellman Algorithm PGP (Pretty Good Privacy) ECC (Elliptic Curve Cryptography) Private-Key Algorithm: DES (Data Encryption Standard) / 3DES RC4 IDEA (International Data Encryption Algorithm)

** Different Algorithm uses diff. length of Keys ranges 40 1024 / 2048. The longer the key string digits, the more time requires and the more difficult the encrypted data is to break. But the transaction speed will be slower.

Encryption Protocol: SSL (Secure Socket Layer) Developed by Netscape Communication Ltd. SET (Secure Electronic Transaction) Developed by Visa and Master Card Corp.
* 3DES is more secure than DES because it uses DES algorithm 3 times and follows an enc-dec-enc sequence with 3 different unrelated keys.

security for e-payments

types of encryption systems symmetric (private key) same key used to encrypt and decrypt plain text shared by sender and receiver asymmetric (public key) different keys used public key to encrypt message private key to decrypt it public key encryption systems have needed long keys (512-1024 bits) to ensure security but long keys slow down encryption and decryption RSA algorithm most common PK encryption algorithm Rijndael algorithm uncrackable with 128-bit key

digital signatures and certificates

digital signatures needed for authenticity and nonrepudiation analogous to handwritten signature based on public keys used to: authenticate the identity of the sender of a message or document ensure the original content of the electronic message or document is unchanged portable and can be time stamped not easily imitated or repudiated digital certificates identifying the holder of a public key (key-exchange) issued by a trusted certificate authority (CA)

public key encryption and digital signatures

E Turban et al., Electronic Commerce- a Managerial Perspective (Prentice Hall, 2nd ed, 2002), Ch. 14.