Viability of Cryptography FINAL PROJECT

Transcription

1 Viability of Cryptography FINAL PROJECT Name: Student Number: Course Name: SFWR ENG 4C03 Date: April 5, 2005 Submitted To: Kartik Krishnan

2 Overview: The simplest definition of cryptography is The process or skill of communicating in or deciphering secret writings or ciphers. The idea behind cryptography is rather easy to understand. First an individual wishes to transmit a message to another person without it being seen and understood by everyone in the path. This person then disguises the message and sends it to the receiver, who then in turn takes the disguised message and finds the original message. While this idea is easy to understand, the procedure to have this done successfully is at times very complicated. While many people think of cryptography with its uses in computer systems in today s society, it was not always used in the same manner. While the idea of keeping a message secret is the same, the ways of doing so has become much more sophisticated. With the aid of computer technology and mathematical knowledge, the level of securing a message has greatly increased. In ancient times, some methods of scrambling the message simply involved writing the message backwards or shifting all the characters to the one higher or lower. These codes were easy to crack, and soon they were found to be obsolete. Basics Behind the Technology: Cryptography is generally viewed as having two main stages. One step involves encrypting the original message and transforming it into an unreadable format. The second step involves taking the encrypted message and translating it back into the original form. Process The original message is referred to as plain text since it can be easily read by people. When a person writes a report, for example, they write it in plain text so that they can easily understand it. The plain text has mathematical manipulations applied to it, which results in a new format of the message. The unreadable format is then referred to as cipher text. The mathematical manipulations that are performed on the message can be very complex or very simple. In today s society, it is generally perceived that the higher the level of security the better. Therefore even though lower levels maybe acceptable for daily use, such as friendly s or online chat programs, for example, many of the systems today involve a higher level of protection. This may be the case since a user may decide to send very important information via e- mail and it is easier to implement one level of security then various levels. It also aids the user in case that they are unaware of how sensitive the information could be. 1

3 Once the message is encrypted it is sent to the receiver. This may involve a direct connection or require the message to be filtered through a few or many other systems. At each point in the transfer there is the risk that the message may be intercepted and changed by another computer. For this reason the message has been encrypted. Upon arrival at the final recipient, the message is then converted from the cipher text to the plain text once again for the user to be able to read the message. This process is known as decryption. Public-Key Cryptography In public-key cryptography, there are two keys generated. There are the public and private keys. The private key is used to encrypt the original plain text message into cipher text. The public key is then given to any second party who can then view the document by applying the public key to decipher. However it is not possible to encrypt the message with the public key. If there is an attempt to change the message, even if it is a single character, the mathematical formula that was used to encrypt the plain text would not yield the same result. The receiver would then compare the value that was initially given to the message, known as the checksum against the checksum that is in the message. If the checksum s do not agree then the receiver knows that the message has been altered in some format. The advantage of using this form of cryptography is convenience and increased security. Since the private keys used to encrypt the messages are not transmitted, there is very little chance that the message will be altered. This form of cryptography allows for digital signatures to be recorded. A digital signature is very hard to change and therefore it adds an additional level of security to the system. Public-key authentication also allows for non-repudiation, which eliminates the possibility of another party to claim that the message was altered since all the private-keys are only kept by the original sender. The major disadvantage of this method is the time it requires to generate both the private and public keys. For those encryptions that require a low level of security, a lower number of bits are used in the keys. While for those that require a higher level of security more bits are required, which slows down the key generation. Secret-Key Encryption Secret-key encryption is commonly referred to as symmetric-key encryption. With this form of cryptography the message is encrypted and decrypted with the same key. 2

4 The major advantage with this form of encryption is in the speed. Since there is only the need to generate one key, as opposed to the public-key method which requires two, there is less time required. The major disadvantage with this method involves the transmission of the key. The key must be shared with both the sender and recipient. In order to achieve this, the key must be sent with the message. This posses a threat to security as the key and message can be intercepted along the path, the key is then used to alter the information, and the incorrect message is then transmitted to the recipient. This problem can be solved by using a third-party that can be trusted; however there is little assurance that their security is not being compromised as well. Degree of Security While it may be desirable to have the highest level of security available at all times, it is not always necessary to do so. If the number of users to a system is small then the secret-key cryptography is sufficient. Only one or a very limited amount of people have access to the system and it is assumed that they all have the same level of access to the information. An example of this is with a small company payroll or a closed banking system. The best solution is to use both the public-key and secret-key cryptography methods. Depending on the level of security you can adapt each of the methods to give the appropriate level. The user can still create a secret key and then apply the public-key to make it more secure. Uses in Today s Society Cryptography has many uses in today s society. Banks use cryptography to ensure that the money is being transmitted to the correct individual and location. It is also being used in ing, online shopping and the transfer of any sensitive information. Conclusion With the world becoming a global community, the need for cryptography is becoming more apparent. With more information being sent over the internet, with some being of the critical and sensitive types, the need to protect the transmission from intruders is more important than in the past. While there is a need for different levels of security, the main trend is towards methods that offer a high degree of security while still being quick and efficient. 3

5 References Cryptography FAQ (06/10: Public Key Cryptography). Date retrieved: April 3, 2005 from < RSA Laboratories What is public-key cryptography? Date retrieved: March 31, 2005 from < Tschabitscher, Heinz How Public Key Encryption Works. Date retrieved: March 28, 2005 from < University of Washington Computing & Communications Encryption Technology. Date retrieved: April 1, 2005 from < l> Webopedia. October 9, Public-key Encryption. Date retrieved: March from < Wikipedia. March 7, Public-key cryptography. Date retrieved: April 2, 2005 < 4