http://wiki.cas.mcmaster.ca/index.php?feed=atom&target=Katmehm&title=Special%3AContributionsComputing and Software Wiki - User contributions [en]2026-04-09T21:04:21ZFrom Computing and Software WikiMediaWiki 1.15.1http://wiki.cas.mcmaster.ca/index.php/Motivations_for_the_Studies_of_HCIMotivations for the Studies of HCI2009-11-23T07:05:51Z<p>Katmehm: </p>
<hr />
<div>[[Image:Ergonomics.jpg|thumb|What is ergonmics?|480px|right|'''What Is Ergonomics?''']]<br />
<br />
== Overview ==<br />
<br />
As the capabilities of available technologies continue to grow, the technology itself becomes available to more types of user, each with different demands, goals, and needs. A good Human-Computer Interface (HCI) needs to address the limitations and needs of its user. In addition to meeting the needs of a growing and diverse user-base, research needs to be done in the field of HCI for computers to be accessible in mobile environments, to act as cost-saving measures, to ensure quality software development, and to address the health and safety of the user. These and other motivations elaborated below allow for engineers understand the subjective needs of the user.<br />
<br />
<br />
<br />
== Motivations ==<br />
<br />
=== Integration into Human Lifestyles ===<br />
<br />
*'''Users are not tolerant of poorly designed interfaces'''. Often users are susceptible to frustration, will not invest time in learning an unintuitive interface and will seek out a more suitable product or solution.<br />
<br />
*'''Consumers require products that are easy to learn and intuitive to navigate, especially as they are integrated into their daily lives'''. The best example of this is the innovation of the World Wide Web, which is considered to be the direct result of HCI research.<sup>[1]</sup> Especially in the mid 1990’s when the personal computer was not commonplace in the average North American home the way it is today, the idea of navigating over the web would be insurmountable to new users. HCI research, particularly related to direct manipulation led to the use of hyperlinks, making use of the internet accessible for new users.<br />
<br />
*'''The ways in which users adopt technology into their daily lives requires businesses to come up with interaction styles fitting to the context in which the technology is being used'''. Jobs require users to have access to computing resources away from their static desktop computer. For this reason, PDA’s, smart phones, and pocket PC’s have recently become commonplace in the business environment. New studies in HCI are required to make mobile interaction realistic so that the user is able to work just as effectively in a mobile environment. <sup>[2]</sup><br />
*'''Training is expensive'''. Users should not have the responsibility of allocating time, money, and motivation to learning a new interaction style. A good interface as the result of HCI studies would not place this burden on the user.<br />
<br />
<br />
=== Business/Commerical Motivations ===<br />
<br />
*'''Study of Technology Insertion Techniques in HCI can be used to reduce errors'''. Ultimately, this means a company can avoid errors that result in the loss of time, money, morale, and other costly factors.<br />
<br />
*'''The costs of training, motivating, and maintaining humans far outweigh the costs of developing hardware and software interaction systems'''. Effective HCIs allow workers to overcome human limitations and work more productively.<br />
<br />
*'''Businesses can use HCI research as motivations for developing new business models'''. For example, in 2009 Microsoft announced plans for Natal, a peripheral for the Xbox 360 home gaming console that uses physical movement and gesture recognition to make the gaming controller obsolete. Furthermore, the business decision is that consumers would be able to get a cutting-edge interaction experience without having to spend upwards of $500 on a new console. By studying HCI and applying new interaction techniques, Microsoft stands to change the gaming business model in a way that reduces their marketing costs and satisfies customers. <sup>[3]</sup><br />
<br />
<br />
=== Accessibility Concerns ===<br />
<br />
*'''Research in HCI must be done as a precautionary measure'''. A user may suffer from epilepsy or other complications arising from photosensitivity that can lead to convulsions, disorientation, and other harmful affects. Studies of refresh rates, jarring contrasts, allowable changes in brightness, and human vision concerns are necessary to avoid potentially harming the user. <br />
<br />
*'''The burden of communication is on the GUI.''' The application must be able to effectively communicate what actions are available to avoid misuse. This involves the study of regional languages, vision loss in the elderly, colourblindness, and how to accommodate other accessibility issues. Not only do these concepts need to be researched, but HCI's need to be studied to understand how to effectively integrate those accessability concerns into the system without introducing more confusion that could disrupt the system or harm the user. <br />
<br />
*'''A GUI is only as effective as the actions it is capable of performing'''. Studies of behavioural patterns, learning rates, and visual stimuli are needed to determine how users become more comfortable with the interface. By making an interface available to a variety of users with different levels of aptitude (novice, intermediate, expert) the interface becomes more useful in fulfilling its purpose. <sup>[4]</sup><br />
<br />
<br />
=== Quality Assurance of Software ===<br />
<br />
=== Development of Industry Standards ===<br />
<br />
== Human Factors ==<br />
<br />
Human Factors is an umbrella term for several areas of research. Motivation rises for the study of human factors that include [[Motivations for the Studying of HCI#Human Performance|human performance]], [[Motivations for the Studying of HCI#Technology Design|technology design]] and [[Motivations for the Studying of HCI#Human-Computer Interaction|Human-Computer Interaction (HCI)]]. Human factors is often used interchangeably with User Interface Design or Human-Computer Interaction. <br />
<br />
The concept of human factors emerged during the industrial revolution and became a full-fledged discipline during World War II. <br />
<br />
Human factors recognized that aircraft cockpit design needed to consider the human interface for controls and displays.Design engineers focused on technology and the industrial psychologists worked to optimize the interface. There is a tremendous overlap in these disciplines. Human factors refer to hardware design and HCI is frequently used by the software engineers. Engineering psychologists work in both disciplines and the overlap is considered greater than the difference.<br />
http://www.duke.edu/web/informatics/HF/HumanFactors.html<br />
<br />
Another example of this area of research occurs in the Human Factors Research and Technology Division at NASA Ames Research Center <sup>[4]</sup>. This area focuses on the need for safe, efficient and cost-effective operations, maintenance and training, both in flight aircrafts and on the ground.<br />
<br />
[[Image:Human_factors.jpg|frame|Human Factors|right|Hardware design promoting a healthy desktop environment.]]<br />
<br />
See below for further information on some specific subjects of human factors. <br />
<br />
===Human Performance===<br />
<br />
Human factors or HCI must consider integration of human mental abilities, i.e. short and long-term memory, visual scanning, and the development of mental cognitive models. HCI not only includes the specification, design, and development of systems, it must also include the actual training, skill levels, and organizational aspects of the end users. By considering these characteristics, data entry and understanding information technology becomes easier. HCI includes several areas that are paramount in the interaction of humans and machines. These areas include staffing, personnel, training, human factors engineering, and health risks, as well as managerial, public, and personal safety issues surrounding machines. Other issues that must be considered with HCI are the designs of language, entering methods, graphics, visual representation, and consistency of a system's look. Human factors is a comprehensive expression covering an assortment of areas speaking to the purpose of objects people use, from the scalpel to the computer within healthcare. <br />
<br />
=== Technology Design ===<br />
=== Human-Computer Interaction ===<br />
<br />
== Ergonomics ==<br />
===Definition:===<br />
The term Ergonomics is derived from two Greek words Nomoi meaning natural laws and Ergon meaning work. Hence, ergonomists study human capabilities in relationship to work demands.<br />
<br />
===Principles of Ergonomics:===<br />
There are '''10 basic''' principles:<br />
<br />
1. ''Work in Neutral Postures'': Your posture provides a good starting point for evaluating the tasks that you do. The best positions in which to work are those that keep the body "in neutral." <br />
<br />
2. ''Reduce Excessive Force'': Excessive force on your joints can create a potential for fatigue and injury. In practical terms, the action item is for you to identify specific instances of excessive force and think of ways to make improvements.<br />
<br />
3. ''Keep Everything in Easy Reach'': The next principle deals with keeping things within easy reach. In many ways, this principle is redundant with posture, but it helps to evaluate a task from this specific perspective.<br />
[[Image:P19_Reach_for_mouse.jpg|thumb|alt=Puzzle globe logo|problems with reach are simply matters of rearranging your work area and moving things closer to you]]<br />
<br />
4. ''Work at Proper Heights'': Working at the right height is also a way to make things easier.<br />
[[Image:P23_elbow_ht_typing.jpg|thumb|alt=Puzzle globe logo|A good rule of thumb is that most work should be done at about elbow height, whether sitting or standing.]]<br />
<br />
5. ''Reduce Excessive Motions'': The next principle to think about is the number of motions you make throughout a day, whether with your fingers, your wrists, your arms, or your back.<br />
<br />
6. ''Minimize Fatigue and Static Load'': Holding the same position for a period of time is known as static load. It creates fatigue and discomfort and can interfere with work.<br />
<br />
7. ''Minimize Pressure Points'': Another thing to watch out for is excessive pressure points, sometimes called "contact stress." <br />
<br />
8. ''Provide Clearance'': Having enough clearance is a concept that is easy to relate to.<br />
<br />
9. ''Move, Exercise, and Stretch'': To be healthy the human body needs to be exercised and stretched.<br />
<br />
10. ''Maintain a Comfortable Environment'': This principle is more or less a catch-all that can mean different things depending upon the nature of the types of operations that you do.<br />
<br />
<br />
this is [http://en.wikipedia.org/wiki/Fitts's_law Fitts's] law<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
http://www.duke.edu/web/informatics/HF/HF-ergonomics.html<br />
<br />
== References ==<br />
<div class="references-small"><br />
:'''1.''' A brief history of human-computer interaction technology. ACM Interactions. http://portal.acm.org/citation.cfm?doid=274430.274436<br />
<br />
:'''2.''' Using while moving: HCI issues in fieldwork environments. ACM Transactions on Computer-Human Interaction (TOCHI) http://delivery.acm.org/10.1145/360000/355329/p417-pascoe.pdf?key1=355329&key2=2746298521&coll=GUIDE&dl=GUIDE&CFID=64390082&CFTOKEN=12638977<br />
<br />
:'''3.''' Reuters: Microsoft unveils new Xbox technology, enlists Facebook. http://www.reuters.com/article/internetNews/idUSTRE5506FO20090601<br />
<br />
:'''4.''' Poelman, S. (2009) Software Engineering 4D03/6D03/Computer Science 4HC3 Lecture Notes<br />
<br />
:'''5.''' Human Factors 101. http://human-factors.arc.nasa.gov/web/hf101/<br />
<br />
:'''6.''' [[Fitts's Law]]: <cite> [http://en.wikipedia.org/wiki/Fitts's_law]</cite><br />
</div><br />
<br />
--[[User:Katmehm|Katmehm]] 02:05, 23 November 2009 (EST)</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Motivations_for_the_Studies_of_HCIMotivations for the Studies of HCI2009-11-23T07:03:54Z<p>Katmehm: /* References */</p>
<hr />
<div>[[Image:Ergonomics.jpg|thumb|What is ergonmics?|480px|right|'''What Is Ergonomics?''']]<br />
<br />
== Overview ==<br />
<br />
As the capabilities of available technologies continue to grow, the technology itself becomes available to more types of user, each with different demands, goals, and needs. A good Human-Computer Interface (HCI) needs to address the limitations and needs of its user. In addition to meeting the needs of a growing and diverse user-base, research needs to be done in the field of HCI for computers to be accessible in mobile environments, to act as cost-saving measures, to ensure quality software development, and to address the health and safety of the user. These and other motivations elaborated below allow for engineers understand the subjective needs of the user.<br />
<br />
<br />
<br />
== Motivations ==<br />
<br />
=== Integration into Human Lifestyles ===<br />
<br />
*'''Users are not tolerant of poorly designed interfaces'''. Often users are susceptible to frustration, will not invest time in learning an unintuitive interface and will seek out a more suitable product or solution.<br />
<br />
*'''Consumers require products that are easy to learn and intuitive to navigate, especially as they are integrated into their daily lives'''. The best example of this is the innovation of the World Wide Web, which is considered to be the direct result of HCI research.<sup>[1]</sup> Especially in the mid 1990’s when the personal computer was not commonplace in the average North American home the way it is today, the idea of navigating over the web would be insurmountable to new users. HCI research, particularly related to direct manipulation led to the use of hyperlinks, making use of the internet accessible for new users.<br />
<br />
*'''The ways in which users adopt technology into their daily lives requires businesses to come up with interaction styles fitting to the context in which the technology is being used'''. Jobs require users to have access to computing resources away from their static desktop computer. For this reason, PDA’s, smart phones, and pocket PC’s have recently become commonplace in the business environment. New studies in HCI are required to make mobile interaction realistic so that the user is able to work just as effectively in a mobile environment. <sup>[2]</sup><br />
*'''Training is expensive'''. Users should not have the responsibility of allocating time, money, and motivation to learning a new interaction style. A good interface as the result of HCI studies would not place this burden on the user.<br />
<br />
<br />
=== Business/Commerical Motivations ===<br />
<br />
*'''Study of Technology Insertion Techniques in HCI can be used to reduce errors'''. Ultimately, this means a company can avoid errors that result in the loss of time, money, morale, and other costly factors.<br />
<br />
*'''The costs of training, motivating, and maintaining humans far outweigh the costs of developing hardware and software interaction systems'''. Effective HCIs allow workers to overcome human limitations and work more productively.<br />
<br />
*'''Businesses can use HCI research as motivations for developing new business models'''. For example, in 2009 Microsoft announced plans for Natal, a peripheral for the Xbox 360 home gaming console that uses physical movement and gesture recognition to make the gaming controller obsolete. Furthermore, the business decision is that consumers would be able to get a cutting-edge interaction experience without having to spend upwards of $500 on a new console. By studying HCI and applying new interaction techniques, Microsoft stands to change the gaming business model in a way that reduces their marketing costs and satisfies customers. <sup>[3]</sup><br />
<br />
<br />
=== Accessibility Concerns ===<br />
<br />
*'''Research in HCI must be done as a precautionary measure'''. A user may suffer from epilepsy or other complications arising from photosensitivity that can lead to convulsions, disorientation, and other harmful affects. Studies of refresh rates, jarring contrasts, allowable changes in brightness, and human vision concerns are necessary to avoid potentially harming the user. <br />
<br />
*'''The burden of communication is on the GUI.''' The application must be able to effectively communicate what actions are available to avoid misuse. This involves the study of regional languages, vision loss in the elderly, colourblindness, and how to accommodate other accessibility issues. Not only do these concepts need to be researched, but HCI's need to be studied to understand how to effectively integrate those accessability concerns into the system without introducing more confusion that could disrupt the system or harm the user. <br />
<br />
*'''A GUI is only as effective as the actions it is capable of performing'''. Studies of behavioural patterns, learning rates, and visual stimuli are needed to determine how users become more comfortable with the interface. By making an interface available to a variety of users with different levels of aptitude (novice, intermediate, expert) the interface becomes more useful in fulfilling its purpose. <sup>[4]</sup><br />
<br />
<br />
=== Quality Assurance of Software ===<br />
<br />
=== Development of Industry Standards ===<br />
<br />
== Human Factors ==<br />
<br />
Human Factors is an umbrella term for several areas of research. Motivation rises for the study of human factors that include [[Motivations for the Studying of HCI#Human Performance|human performance]], [[Motivations for the Studying of HCI#Technology Design|technology design]] and [[Motivations for the Studying of HCI#Human-Computer Interaction|Human-Computer Interaction (HCI)]]. Human factors is often used interchangeably with User Interface Design or Human-Computer Interaction. <br />
<br />
The concept of human factors emerged during the industrial revolution and became a full-fledged discipline during World War II. <br />
<br />
Human factors recognized that aircraft cockpit design needed to consider the human interface for controls and displays.Design engineers focused on technology and the industrial psychologists worked to optimize the interface. There is a tremendous overlap in these disciplines. Human factors refer to hardware design and HCI is frequently used by the software engineers. Engineering psychologists work in both disciplines and the overlap is considered greater than the difference.<br />
http://www.duke.edu/web/informatics/HF/HumanFactors.html<br />
<br />
Another example of this area of research occurs in the Human Factors Research and Technology Division at NASA Ames Research Center <sup>[4]</sup>. This area focuses on the need for safe, efficient and cost-effective operations, maintenance and training, both in flight aircrafts and on the ground.<br />
<br />
[[Image:Human_factors.jpg|frame|Human Factors|right|Hardware design promoting a healthy desktop environment.]]<br />
<br />
See below for further information on some specific subjects of human factors. <br />
<br />
===Human Performance===<br />
<br />
Human factors or HCI must consider integration of human mental abilities, i.e. short and long-term memory, visual scanning, and the development of mental cognitive models. HCI not only includes the specification, design, and development of systems, it must also include the actual training, skill levels, and organizational aspects of the end users. By considering these characteristics, data entry and understanding information technology becomes easier. HCI includes several areas that are paramount in the interaction of humans and machines. These areas include staffing, personnel, training, human factors engineering, and health risks, as well as managerial, public, and personal safety issues surrounding machines. Other issues that must be considered with HCI are the designs of language, entering methods, graphics, visual representation, and consistency of a system's look. Human factors is a comprehensive expression covering an assortment of areas speaking to the purpose of objects people use, from the scalpel to the computer within healthcare. <br />
<br />
=== Technology Design ===<br />
=== Human-Computer Interaction ===<br />
<br />
== Ergonomics ==<br />
===Definition:===<br />
The term Ergonomics is derived from two Greek words Nomoi meaning natural laws and Ergon meaning work. Hence, ergonomists study human capabilities in relationship to work demands.<br />
<br />
===Principles of Ergonomics:===<br />
There are '''10 basic''' principles:<br />
<br />
1. ''Work in Neutral Postures'': Your posture provides a good starting point for evaluating the tasks that you do. The best positions in which to work are those that keep the body "in neutral." <br />
<br />
2. ''Reduce Excessive Force'': Excessive force on your joints can create a potential for fatigue and injury. In practical terms, the action item is for you to identify specific instances of excessive force and think of ways to make improvements.<br />
<br />
3. ''Keep Everything in Easy Reach'': The next principle deals with keeping things within easy reach. In many ways, this principle is redundant with posture, but it helps to evaluate a task from this specific perspective.<br />
[[Image:P19_Reach_for_mouse.jpg|thumb|alt=Puzzle globe logo|problems with reach are simply matters of rearranging your work area and moving things closer to you]]<br />
<br />
4. ''Work at Proper Heights'': Working at the right height is also a way to make things easier.<br />
[[Image:P23_elbow_ht_typing.jpg|thumb|alt=Puzzle globe logo|A good rule of thumb is that most work should be done at about elbow height, whether sitting or standing.]]<br />
<br />
5. ''Reduce Excessive Motions'': The next principle to think about is the number of motions you make throughout a day, whether with your fingers, your wrists, your arms, or your back.<br />
<br />
6. ''Minimize Fatigue and Static Load'': Holding the same position for a period of time is known as static load. It creates fatigue and discomfort and can interfere with work.<br />
<br />
7. ''Minimize Pressure Points'': Another thing to watch out for is excessive pressure points, sometimes called "contact stress." <br />
<br />
8. ''Provide Clearance'': Having enough clearance is a concept that is easy to relate to.<br />
<br />
9. ''Move, Exercise, and Stretch'': To be healthy the human body needs to be exercised and stretched.<br />
<br />
10. ''Maintain a Comfortable Environment'': This principle is more or less a catch-all that can mean different things depending upon the nature of the types of operations that you do.<br />
<br />
<br />
this is [http://en.wikipedia.org/wiki/Fitts's_law Fitts's] law<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
http://www.duke.edu/web/informatics/HF/HF-ergonomics.html<br />
<br />
== References ==<br />
<div class="references-small"><br />
:'''1.''' A brief history of human-computer interaction technology. ACM Interactions. http://portal.acm.org/citation.cfm?doid=274430.274436<br />
<br />
:'''2.''' Using while moving: HCI issues in fieldwork environments. ACM Transactions on Computer-Human Interaction (TOCHI) http://delivery.acm.org/10.1145/360000/355329/p417-pascoe.pdf?key1=355329&key2=2746298521&coll=GUIDE&dl=GUIDE&CFID=64390082&CFTOKEN=12638977<br />
<br />
:'''3.''' Reuters: Microsoft unveils new Xbox technology, enlists Facebook. http://www.reuters.com/article/internetNews/idUSTRE5506FO20090601<br />
<br />
:'''4.''' Poelman, S. (2009) Software Engineering 4D03/6D03/Computer Science 4HC3 Lecture Notes<br />
<br />
:'''5.''' Human Factors 101. http://human-factors.arc.nasa.gov/web/hf101/<br />
<br />
:'''6.''' [[Fitts's Law]]: <cite> [http://en.wikipedia.org/wiki/Fitts's_law]</cite><br />
</div></div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Motivations_for_the_Studies_of_HCIMotivations for the Studies of HCI2009-11-23T06:59:49Z<p>Katmehm: </p>
<hr />
<div>[[Image:Ergonomics.jpg|thumb|What is ergonmics?|480px|right|'''What Is Ergonomics?''']]<br />
<br />
== Overview ==<br />
<br />
As the capabilities of available technologies continue to grow, the technology itself becomes available to more types of user, each with different demands, goals, and needs. A good Human-Computer Interface (HCI) needs to address the limitations and needs of its user. In addition to meeting the needs of a growing and diverse user-base, research needs to be done in the field of HCI for computers to be accessible in mobile environments, to act as cost-saving measures, to ensure quality software development, and to address the health and safety of the user. These and other motivations elaborated below allow for engineers understand the subjective needs of the user.<br />
<br />
<br />
<br />
== Motivations ==<br />
<br />
=== Integration into Human Lifestyles ===<br />
<br />
*'''Users are not tolerant of poorly designed interfaces'''. Often users are susceptible to frustration, will not invest time in learning an unintuitive interface and will seek out a more suitable product or solution.<br />
<br />
*'''Consumers require products that are easy to learn and intuitive to navigate, especially as they are integrated into their daily lives'''. The best example of this is the innovation of the World Wide Web, which is considered to be the direct result of HCI research.<sup>[1]</sup> Especially in the mid 1990’s when the personal computer was not commonplace in the average North American home the way it is today, the idea of navigating over the web would be insurmountable to new users. HCI research, particularly related to direct manipulation led to the use of hyperlinks, making use of the internet accessible for new users.<br />
<br />
*'''The ways in which users adopt technology into their daily lives requires businesses to come up with interaction styles fitting to the context in which the technology is being used'''. Jobs require users to have access to computing resources away from their static desktop computer. For this reason, PDA’s, smart phones, and pocket PC’s have recently become commonplace in the business environment. New studies in HCI are required to make mobile interaction realistic so that the user is able to work just as effectively in a mobile environment. <sup>[2]</sup><br />
*'''Training is expensive'''. Users should not have the responsibility of allocating time, money, and motivation to learning a new interaction style. A good interface as the result of HCI studies would not place this burden on the user.<br />
<br />
<br />
=== Business/Commerical Motivations ===<br />
<br />
*'''Study of Technology Insertion Techniques in HCI can be used to reduce errors'''. Ultimately, this means a company can avoid errors that result in the loss of time, money, morale, and other costly factors.<br />
<br />
*'''The costs of training, motivating, and maintaining humans far outweigh the costs of developing hardware and software interaction systems'''. Effective HCIs allow workers to overcome human limitations and work more productively.<br />
<br />
*'''Businesses can use HCI research as motivations for developing new business models'''. For example, in 2009 Microsoft announced plans for Natal, a peripheral for the Xbox 360 home gaming console that uses physical movement and gesture recognition to make the gaming controller obsolete. Furthermore, the business decision is that consumers would be able to get a cutting-edge interaction experience without having to spend upwards of $500 on a new console. By studying HCI and applying new interaction techniques, Microsoft stands to change the gaming business model in a way that reduces their marketing costs and satisfies customers. <sup>[3]</sup><br />
<br />
<br />
=== Accessibility Concerns ===<br />
<br />
*'''Research in HCI must be done as a precautionary measure'''. A user may suffer from epilepsy or other complications arising from photosensitivity that can lead to convulsions, disorientation, and other harmful affects. Studies of refresh rates, jarring contrasts, allowable changes in brightness, and human vision concerns are necessary to avoid potentially harming the user. <br />
<br />
*'''The burden of communication is on the GUI.''' The application must be able to effectively communicate what actions are available to avoid misuse. This involves the study of regional languages, vision loss in the elderly, colourblindness, and how to accommodate other accessibility issues. Not only do these concepts need to be researched, but HCI's need to be studied to understand how to effectively integrate those accessability concerns into the system without introducing more confusion that could disrupt the system or harm the user. <br />
<br />
*'''A GUI is only as effective as the actions it is capable of performing'''. Studies of behavioural patterns, learning rates, and visual stimuli are needed to determine how users become more comfortable with the interface. By making an interface available to a variety of users with different levels of aptitude (novice, intermediate, expert) the interface becomes more useful in fulfilling its purpose. <sup>[4]</sup><br />
<br />
<br />
=== Quality Assurance of Software ===<br />
<br />
=== Development of Industry Standards ===<br />
<br />
== Human Factors ==<br />
<br />
Human Factors is an umbrella term for several areas of research. Motivation rises for the study of human factors that include [[Motivations for the Studying of HCI#Human Performance|human performance]], [[Motivations for the Studying of HCI#Technology Design|technology design]] and [[Motivations for the Studying of HCI#Human-Computer Interaction|Human-Computer Interaction (HCI)]]. Human factors is often used interchangeably with User Interface Design or Human-Computer Interaction. <br />
<br />
The concept of human factors emerged during the industrial revolution and became a full-fledged discipline during World War II. <br />
<br />
Human factors recognized that aircraft cockpit design needed to consider the human interface for controls and displays.Design engineers focused on technology and the industrial psychologists worked to optimize the interface. There is a tremendous overlap in these disciplines. Human factors refer to hardware design and HCI is frequently used by the software engineers. Engineering psychologists work in both disciplines and the overlap is considered greater than the difference.<br />
http://www.duke.edu/web/informatics/HF/HumanFactors.html<br />
<br />
Another example of this area of research occurs in the Human Factors Research and Technology Division at NASA Ames Research Center <sup>[4]</sup>. This area focuses on the need for safe, efficient and cost-effective operations, maintenance and training, both in flight aircrafts and on the ground.<br />
<br />
[[Image:Human_factors.jpg|frame|Human Factors|right|Hardware design promoting a healthy desktop environment.]]<br />
<br />
See below for further information on some specific subjects of human factors. <br />
<br />
===Human Performance===<br />
<br />
Human factors or HCI must consider integration of human mental abilities, i.e. short and long-term memory, visual scanning, and the development of mental cognitive models. HCI not only includes the specification, design, and development of systems, it must also include the actual training, skill levels, and organizational aspects of the end users. By considering these characteristics, data entry and understanding information technology becomes easier. HCI includes several areas that are paramount in the interaction of humans and machines. These areas include staffing, personnel, training, human factors engineering, and health risks, as well as managerial, public, and personal safety issues surrounding machines. Other issues that must be considered with HCI are the designs of language, entering methods, graphics, visual representation, and consistency of a system's look. Human factors is a comprehensive expression covering an assortment of areas speaking to the purpose of objects people use, from the scalpel to the computer within healthcare. <br />
<br />
=== Technology Design ===<br />
=== Human-Computer Interaction ===<br />
<br />
== Ergonomics ==<br />
===Definition:===<br />
The term Ergonomics is derived from two Greek words Nomoi meaning natural laws and Ergon meaning work. Hence, ergonomists study human capabilities in relationship to work demands.<br />
<br />
===Principles of Ergonomics:===<br />
There are '''10 basic''' principles:<br />
<br />
1. ''Work in Neutral Postures'': Your posture provides a good starting point for evaluating the tasks that you do. The best positions in which to work are those that keep the body "in neutral." <br />
<br />
2. ''Reduce Excessive Force'': Excessive force on your joints can create a potential for fatigue and injury. In practical terms, the action item is for you to identify specific instances of excessive force and think of ways to make improvements.<br />
<br />
3. ''Keep Everything in Easy Reach'': The next principle deals with keeping things within easy reach. In many ways, this principle is redundant with posture, but it helps to evaluate a task from this specific perspective.<br />
[[Image:P19_Reach_for_mouse.jpg|thumb|alt=Puzzle globe logo|problems with reach are simply matters of rearranging your work area and moving things closer to you]]<br />
<br />
4. ''Work at Proper Heights'': Working at the right height is also a way to make things easier.<br />
[[Image:P23_elbow_ht_typing.jpg|thumb|alt=Puzzle globe logo|A good rule of thumb is that most work should be done at about elbow height, whether sitting or standing.]]<br />
<br />
5. ''Reduce Excessive Motions'': The next principle to think about is the number of motions you make throughout a day, whether with your fingers, your wrists, your arms, or your back.<br />
<br />
6. ''Minimize Fatigue and Static Load'': Holding the same position for a period of time is known as static load. It creates fatigue and discomfort and can interfere with work.<br />
<br />
7. ''Minimize Pressure Points'': Another thing to watch out for is excessive pressure points, sometimes called "contact stress." <br />
<br />
8. ''Provide Clearance'': Having enough clearance is a concept that is easy to relate to.<br />
<br />
9. ''Move, Exercise, and Stretch'': To be healthy the human body needs to be exercised and stretched.<br />
<br />
10. ''Maintain a Comfortable Environment'': This principle is more or less a catch-all that can mean different things depending upon the nature of the types of operations that you do.<br />
<br />
<br />
this is [http://en.wikipedia.org/wiki/Fitts's_law Fitts's] law<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
http://www.duke.edu/web/informatics/HF/HF-ergonomics.html<br />
<br />
== References ==<br />
<br />
:'''1.''' A brief history of human-computer interaction technology. ACM Interactions. http://portal.acm.org/citation.cfm?doid=274430.274436<br />
<br />
:'''2.''' Using while moving: HCI issues in fieldwork environments. ACM Transactions on Computer-Human Interaction (TOCHI) http://delivery.acm.org/10.1145/360000/355329/p417-pascoe.pdf?key1=355329&key2=2746298521&coll=GUIDE&dl=GUIDE&CFID=64390082&CFTOKEN=12638977<br />
<br />
:'''3.''' Reuters: Microsoft unveils new Xbox technology, enlists Facebook. http://www.reuters.com/article/internetNews/idUSTRE5506FO20090601<br />
<br />
:'''4.''' Poelman, S. (2009) Software Engineering 4D03/6D03/Computer Science 4HC3 Lecture Notes<br />
<br />
:'''5.''' Human Factors 101. http://human-factors.arc.nasa.gov/web/hf101/<br />
<br />
:'''6.''' Fitts's Law. http://en.wikipedia.org/wiki/Fitts's_law</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Motivations_for_the_Studies_of_HCIMotivations for the Studies of HCI2009-11-23T06:58:44Z<p>Katmehm: </p>
<hr />
<div>[[Image:Ergonomics.jpg|thumb|What is ergonmics?|right|'''What Is Ergonomics?''']]<br />
<br />
== Overview ==<br />
<br />
As the capabilities of available technologies continue to grow, the technology itself becomes available to more types of user, each with different demands, goals, and needs. A good Human-Computer Interface (HCI) needs to address the limitations and needs of its user. In addition to meeting the needs of a growing and diverse user-base, research needs to be done in the field of HCI for computers to be accessible in mobile environments, to act as cost-saving measures, to ensure quality software development, and to address the health and safety of the user. These and other motivations elaborated below allow for engineers understand the subjective needs of the user.<br />
<br />
<br />
<br />
== Motivations ==<br />
<br />
=== Integration into Human Lifestyles ===<br />
<br />
*'''Users are not tolerant of poorly designed interfaces'''. Often users are susceptible to frustration, will not invest time in learning an unintuitive interface and will seek out a more suitable product or solution.<br />
<br />
*'''Consumers require products that are easy to learn and intuitive to navigate, especially as they are integrated into their daily lives'''. The best example of this is the innovation of the World Wide Web, which is considered to be the direct result of HCI research.<sup>[1]</sup> Especially in the mid 1990’s when the personal computer was not commonplace in the average North American home the way it is today, the idea of navigating over the web would be insurmountable to new users. HCI research, particularly related to direct manipulation led to the use of hyperlinks, making use of the internet accessible for new users.<br />
<br />
*'''The ways in which users adopt technology into their daily lives requires businesses to come up with interaction styles fitting to the context in which the technology is being used'''. Jobs require users to have access to computing resources away from their static desktop computer. For this reason, PDA’s, smart phones, and pocket PC’s have recently become commonplace in the business environment. New studies in HCI are required to make mobile interaction realistic so that the user is able to work just as effectively in a mobile environment. <sup>[2]</sup><br />
*'''Training is expensive'''. Users should not have the responsibility of allocating time, money, and motivation to learning a new interaction style. A good interface as the result of HCI studies would not place this burden on the user.<br />
<br />
<br />
=== Business/Commerical Motivations ===<br />
<br />
*'''Study of Technology Insertion Techniques in HCI can be used to reduce errors'''. Ultimately, this means a company can avoid errors that result in the loss of time, money, morale, and other costly factors.<br />
<br />
*'''The costs of training, motivating, and maintaining humans far outweigh the costs of developing hardware and software interaction systems'''. Effective HCIs allow workers to overcome human limitations and work more productively.<br />
<br />
*'''Businesses can use HCI research as motivations for developing new business models'''. For example, in 2009 Microsoft announced plans for Natal, a peripheral for the Xbox 360 home gaming console that uses physical movement and gesture recognition to make the gaming controller obsolete. Furthermore, the business decision is that consumers would be able to get a cutting-edge interaction experience without having to spend upwards of $500 on a new console. By studying HCI and applying new interaction techniques, Microsoft stands to change the gaming business model in a way that reduces their marketing costs and satisfies customers. <sup>[3]</sup><br />
<br />
<br />
=== Accessibility Concerns ===<br />
<br />
*'''Research in HCI must be done as a precautionary measure'''. A user may suffer from epilepsy or other complications arising from photosensitivity that can lead to convulsions, disorientation, and other harmful affects. Studies of refresh rates, jarring contrasts, allowable changes in brightness, and human vision concerns are necessary to avoid potentially harming the user. <br />
<br />
*'''The burden of communication is on the GUI.''' The application must be able to effectively communicate what actions are available to avoid misuse. This involves the study of regional languages, vision loss in the elderly, colourblindness, and how to accommodate other accessibility issues. Not only do these concepts need to be researched, but HCI's need to be studied to understand how to effectively integrate those accessability concerns into the system without introducing more confusion that could disrupt the system or harm the user. <br />
<br />
*'''A GUI is only as effective as the actions it is capable of performing'''. Studies of behavioural patterns, learning rates, and visual stimuli are needed to determine how users become more comfortable with the interface. By making an interface available to a variety of users with different levels of aptitude (novice, intermediate, expert) the interface becomes more useful in fulfilling its purpose. <sup>[4]</sup><br />
<br />
<br />
=== Quality Assurance of Software ===<br />
<br />
=== Development of Industry Standards ===<br />
<br />
== Human Factors ==<br />
<br />
Human Factors is an umbrella term for several areas of research. Motivation rises for the study of human factors that include [[Motivations for the Studying of HCI#Human Performance|human performance]], [[Motivations for the Studying of HCI#Technology Design|technology design]] and [[Motivations for the Studying of HCI#Human-Computer Interaction|Human-Computer Interaction (HCI)]]. Human factors is often used interchangeably with User Interface Design or Human-Computer Interaction. <br />
<br />
The concept of human factors emerged during the industrial revolution and became a full-fledged discipline during World War II. <br />
<br />
Human factors recognized that aircraft cockpit design needed to consider the human interface for controls and displays.Design engineers focused on technology and the industrial psychologists worked to optimize the interface. There is a tremendous overlap in these disciplines. Human factors refer to hardware design and HCI is frequently used by the software engineers. Engineering psychologists work in both disciplines and the overlap is considered greater than the difference.<br />
http://www.duke.edu/web/informatics/HF/HumanFactors.html<br />
<br />
Another example of this area of research occurs in the Human Factors Research and Technology Division at NASA Ames Research Center <sup>[4]</sup>. This area focuses on the need for safe, efficient and cost-effective operations, maintenance and training, both in flight aircrafts and on the ground.<br />
<br />
[[Image:Human_factors.jpg|frame|Human Factors|right|Hardware design promoting a healthy desktop environment.]]<br />
<br />
See below for further information on some specific subjects of human factors. <br />
<br />
===Human Performance===<br />
<br />
Human factors or HCI must consider integration of human mental abilities, i.e. short and long-term memory, visual scanning, and the development of mental cognitive models. HCI not only includes the specification, design, and development of systems, it must also include the actual training, skill levels, and organizational aspects of the end users. By considering these characteristics, data entry and understanding information technology becomes easier. HCI includes several areas that are paramount in the interaction of humans and machines. These areas include staffing, personnel, training, human factors engineering, and health risks, as well as managerial, public, and personal safety issues surrounding machines. Other issues that must be considered with HCI are the designs of language, entering methods, graphics, visual representation, and consistency of a system's look. Human factors is a comprehensive expression covering an assortment of areas speaking to the purpose of objects people use, from the scalpel to the computer within healthcare. <br />
<br />
=== Technology Design ===<br />
=== Human-Computer Interaction ===<br />
<br />
== Ergonomics ==<br />
===Definition:===<br />
The term Ergonomics is derived from two Greek words Nomoi meaning natural laws and Ergon meaning work. Hence, ergonomists study human capabilities in relationship to work demands.<br />
<br />
===Principles of Ergonomics:===<br />
There are '''10 basic''' principles:<br />
<br />
1. ''Work in Neutral Postures'': Your posture provides a good starting point for evaluating the tasks that you do. The best positions in which to work are those that keep the body "in neutral." <br />
<br />
2. ''Reduce Excessive Force'': Excessive force on your joints can create a potential for fatigue and injury. In practical terms, the action item is for you to identify specific instances of excessive force and think of ways to make improvements.<br />
<br />
3. ''Keep Everything in Easy Reach'': The next principle deals with keeping things within easy reach. In many ways, this principle is redundant with posture, but it helps to evaluate a task from this specific perspective.<br />
[[Image:P19_Reach_for_mouse.jpg|thumb|alt=Puzzle globe logo|problems with reach are simply matters of rearranging your work area and moving things closer to you]]<br />
<br />
4. ''Work at Proper Heights'': Working at the right height is also a way to make things easier.<br />
[[Image:P23_elbow_ht_typing.jpg|thumb|alt=Puzzle globe logo|A good rule of thumb is that most work should be done at about elbow height, whether sitting or standing.]]<br />
<br />
5. ''Reduce Excessive Motions'': The next principle to think about is the number of motions you make throughout a day, whether with your fingers, your wrists, your arms, or your back.<br />
<br />
6. ''Minimize Fatigue and Static Load'': Holding the same position for a period of time is known as static load. It creates fatigue and discomfort and can interfere with work.<br />
<br />
7. ''Minimize Pressure Points'': Another thing to watch out for is excessive pressure points, sometimes called "contact stress." <br />
<br />
8. ''Provide Clearance'': Having enough clearance is a concept that is easy to relate to.<br />
<br />
9. ''Move, Exercise, and Stretch'': To be healthy the human body needs to be exercised and stretched.<br />
<br />
10. ''Maintain a Comfortable Environment'': This principle is more or less a catch-all that can mean different things depending upon the nature of the types of operations that you do.<br />
<br />
<br />
this is [http://en.wikipedia.org/wiki/Fitts's_law Fitts's] law<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
http://www.duke.edu/web/informatics/HF/HF-ergonomics.html<br />
<br />
== References ==<br />
<br />
:'''1.''' A brief history of human-computer interaction technology. ACM Interactions. http://portal.acm.org/citation.cfm?doid=274430.274436<br />
<br />
:'''2.''' Using while moving: HCI issues in fieldwork environments. ACM Transactions on Computer-Human Interaction (TOCHI) http://delivery.acm.org/10.1145/360000/355329/p417-pascoe.pdf?key1=355329&key2=2746298521&coll=GUIDE&dl=GUIDE&CFID=64390082&CFTOKEN=12638977<br />
<br />
:'''3.''' Reuters: Microsoft unveils new Xbox technology, enlists Facebook. http://www.reuters.com/article/internetNews/idUSTRE5506FO20090601<br />
<br />
:'''4.''' Poelman, S. (2009) Software Engineering 4D03/6D03/Computer Science 4HC3 Lecture Notes<br />
<br />
:'''5.''' Human Factors 101. http://human-factors.arc.nasa.gov/web/hf101/<br />
<br />
:'''6.''' Fitts's Law. http://en.wikipedia.org/wiki/Fitts's_law</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Motivations_for_the_Studies_of_HCIMotivations for the Studies of HCI2009-11-23T06:56:28Z<p>Katmehm: /* Overview */</p>
<hr />
<div>== Overview ==<br />
<br />
As the capabilities of available technologies continue to grow, the technology itself becomes available to more types of user, each with different demands, goals, and needs. A good Human-Computer Interface (HCI) needs to address the limitations and needs of its user. In addition to meeting the needs of a growing and diverse user-base, research needs to be done in the field of HCI for computers to be accessible in mobile environments, to act as cost-saving measures, to ensure quality software development, and to address the health and safety of the user. These and other motivations elaborated below allow for engineers understand the subjective needs of the user.<br />
<br />
[[Image:Ergonomics.jpg]]<br />
<br />
== Motivations ==<br />
<br />
=== Integration into Human Lifestyles ===<br />
<br />
*'''Users are not tolerant of poorly designed interfaces'''. Often users are susceptible to frustration, will not invest time in learning an unintuitive interface and will seek out a more suitable product or solution.<br />
<br />
*'''Consumers require products that are easy to learn and intuitive to navigate, especially as they are integrated into their daily lives'''. The best example of this is the innovation of the World Wide Web, which is considered to be the direct result of HCI research.<sup>[1]</sup> Especially in the mid 1990’s when the personal computer was not commonplace in the average North American home the way it is today, the idea of navigating over the web would be insurmountable to new users. HCI research, particularly related to direct manipulation led to the use of hyperlinks, making use of the internet accessible for new users.<br />
<br />
*'''The ways in which users adopt technology into their daily lives requires businesses to come up with interaction styles fitting to the context in which the technology is being used'''. Jobs require users to have access to computing resources away from their static desktop computer. For this reason, PDA’s, smart phones, and pocket PC’s have recently become commonplace in the business environment. New studies in HCI are required to make mobile interaction realistic so that the user is able to work just as effectively in a mobile environment. <sup>[2]</sup><br />
*'''Training is expensive'''. Users should not have the responsibility of allocating time, money, and motivation to learning a new interaction style. A good interface as the result of HCI studies would not place this burden on the user.<br />
<br />
<br />
=== Business/Commerical Motivations ===<br />
<br />
*'''Study of Technology Insertion Techniques in HCI can be used to reduce errors'''. Ultimately, this means a company can avoid errors that result in the loss of time, money, morale, and other costly factors.<br />
<br />
*'''The costs of training, motivating, and maintaining humans far outweigh the costs of developing hardware and software interaction systems'''. Effective HCIs allow workers to overcome human limitations and work more productively.<br />
<br />
*'''Businesses can use HCI research as motivations for developing new business models'''. For example, in 2009 Microsoft announced plans for Natal, a peripheral for the Xbox 360 home gaming console that uses physical movement and gesture recognition to make the gaming controller obsolete. Furthermore, the business decision is that consumers would be able to get a cutting-edge interaction experience without having to spend upwards of $500 on a new console. By studying HCI and applying new interaction techniques, Microsoft stands to change the gaming business model in a way that reduces their marketing costs and satisfies customers. <sup>[3]</sup><br />
<br />
<br />
=== Accessibility Concerns ===<br />
<br />
*'''Research in HCI must be done as a precautionary measure'''. A user may suffer from epilepsy or other complications arising from photosensitivity that can lead to convulsions, disorientation, and other harmful affects. Studies of refresh rates, jarring contrasts, allowable changes in brightness, and human vision concerns are necessary to avoid potentially harming the user. <br />
<br />
*'''The burden of communication is on the GUI.''' The application must be able to effectively communicate what actions are available to avoid misuse. This involves the study of regional languages, vision loss in the elderly, colourblindness, and how to accommodate other accessibility issues. Not only do these concepts need to be researched, but HCI's need to be studied to understand how to effectively integrate those accessability concerns into the system without introducing more confusion that could disrupt the system or harm the user. <br />
<br />
*'''A GUI is only as effective as the actions it is capable of performing'''. Studies of behavioural patterns, learning rates, and visual stimuli are needed to determine how users become more comfortable with the interface. By making an interface available to a variety of users with different levels of aptitude (novice, intermediate, expert) the interface becomes more useful in fulfilling its purpose. <sup>[4]</sup><br />
<br />
<br />
=== Quality Assurance of Software ===<br />
<br />
=== Development of Industry Standards ===<br />
<br />
== Human Factors ==<br />
<br />
Human Factors is an umbrella term for several areas of research. Motivation rises for the study of human factors that include [[Motivations for the Studying of HCI#Human Performance|human performance]], [[Motivations for the Studying of HCI#Technology Design|technology design]] and [[Motivations for the Studying of HCI#Human-Computer Interaction|Human-Computer Interaction (HCI)]]. Human factors is often used interchangeably with User Interface Design or Human-Computer Interaction. <br />
<br />
The concept of human factors emerged during the industrial revolution and became a full-fledged discipline during World War II. <br />
<br />
Human factors recognized that aircraft cockpit design needed to consider the human interface for controls and displays.Design engineers focused on technology and the industrial psychologists worked to optimize the interface. There is a tremendous overlap in these disciplines. Human factors refer to hardware design and HCI is frequently used by the software engineers. Engineering psychologists work in both disciplines and the overlap is considered greater than the difference.<br />
http://www.duke.edu/web/informatics/HF/HumanFactors.html<br />
<br />
Another example of this area of research occurs in the Human Factors Research and Technology Division at NASA Ames Research Center <sup>[4]</sup>. This area focuses on the need for safe, efficient and cost-effective operations, maintenance and training, both in flight aircrafts and on the ground.<br />
<br />
[[Image:Human_factors.jpg|frame|Human Factors|right|Hardware design promoting a healthy desktop environment.]]<br />
<br />
See below for further information on some specific subjects of human factors. <br />
<br />
===Human Performance===<br />
<br />
Human factors or HCI must consider integration of human mental abilities, i.e. short and long-term memory, visual scanning, and the development of mental cognitive models. HCI not only includes the specification, design, and development of systems, it must also include the actual training, skill levels, and organizational aspects of the end users. By considering these characteristics, data entry and understanding information technology becomes easier. HCI includes several areas that are paramount in the interaction of humans and machines. These areas include staffing, personnel, training, human factors engineering, and health risks, as well as managerial, public, and personal safety issues surrounding machines. Other issues that must be considered with HCI are the designs of language, entering methods, graphics, visual representation, and consistency of a system's look. Human factors is a comprehensive expression covering an assortment of areas speaking to the purpose of objects people use, from the scalpel to the computer within healthcare. <br />
<br />
=== Technology Design ===<br />
=== Human-Computer Interaction ===<br />
<br />
== Ergonomics ==<br />
===Definition:===<br />
The term Ergonomics is derived from two Greek words Nomoi meaning natural laws and Ergon meaning work. Hence, ergonomists study human capabilities in relationship to work demands.<br />
<br />
===Principles of Ergonomics:===<br />
There are '''10 basic''' principles:<br />
<br />
1. ''Work in Neutral Postures'': Your posture provides a good starting point for evaluating the tasks that you do. The best positions in which to work are those that keep the body "in neutral." <br />
<br />
2. ''Reduce Excessive Force'': Excessive force on your joints can create a potential for fatigue and injury. In practical terms, the action item is for you to identify specific instances of excessive force and think of ways to make improvements.<br />
<br />
3. ''Keep Everything in Easy Reach'': The next principle deals with keeping things within easy reach. In many ways, this principle is redundant with posture, but it helps to evaluate a task from this specific perspective.<br />
[[Image:P19_Reach_for_mouse.jpg|thumb|alt=Puzzle globe logo|problems with reach are simply matters of rearranging your work area and moving things closer to you]]<br />
<br />
4. ''Work at Proper Heights'': Working at the right height is also a way to make things easier.<br />
[[Image:P23_elbow_ht_typing.jpg|thumb|alt=Puzzle globe logo|A good rule of thumb is that most work should be done at about elbow height, whether sitting or standing.]]<br />
<br />
5. ''Reduce Excessive Motions'': The next principle to think about is the number of motions you make throughout a day, whether with your fingers, your wrists, your arms, or your back.<br />
<br />
6. ''Minimize Fatigue and Static Load'': Holding the same position for a period of time is known as static load. It creates fatigue and discomfort and can interfere with work.<br />
<br />
7. ''Minimize Pressure Points'': Another thing to watch out for is excessive pressure points, sometimes called "contact stress." <br />
<br />
8. ''Provide Clearance'': Having enough clearance is a concept that is easy to relate to.<br />
<br />
9. ''Move, Exercise, and Stretch'': To be healthy the human body needs to be exercised and stretched.<br />
<br />
10. ''Maintain a Comfortable Environment'': This principle is more or less a catch-all that can mean different things depending upon the nature of the types of operations that you do.<br />
<br />
<br />
this is [http://en.wikipedia.org/wiki/Fitts's_law Fitts's] law<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
http://www.duke.edu/web/informatics/HF/HF-ergonomics.html<br />
<br />
== References ==<br />
<br />
:'''1.''' A brief history of human-computer interaction technology. ACM Interactions. http://portal.acm.org/citation.cfm?doid=274430.274436<br />
<br />
:'''2.''' Using while moving: HCI issues in fieldwork environments. ACM Transactions on Computer-Human Interaction (TOCHI) http://delivery.acm.org/10.1145/360000/355329/p417-pascoe.pdf?key1=355329&key2=2746298521&coll=GUIDE&dl=GUIDE&CFID=64390082&CFTOKEN=12638977<br />
<br />
:'''3.''' Reuters: Microsoft unveils new Xbox technology, enlists Facebook. http://www.reuters.com/article/internetNews/idUSTRE5506FO20090601<br />
<br />
:'''4.''' Poelman, S. (2009) Software Engineering 4D03/6D03/Computer Science 4HC3 Lecture Notes<br />
<br />
:'''5.''' Human Factors 101. http://human-factors.arc.nasa.gov/web/hf101/<br />
<br />
:'''6.''' Fitts's Law. http://en.wikipedia.org/wiki/Fitts's_law</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/File:Ergonomics.jpgFile:Ergonomics.jpg2009-11-23T06:55:31Z<p>Katmehm: </p>
<hr />
<div></div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:51:58Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|thumb|Cryptography is Our Security|right|'''Cryptography is Our Security''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|thumb|Casear Cipher Machine|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|thumb|Vigenere Square Table|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
<div class="references-small"><br />
* [[Ross Anderson|Ross J. Anderson]]: <cite>[http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]</cite>, ISBN 0-471-38922-6<br />
* [[Morrie Gasser]]: [http://cs.unomaha.edu/~stanw/gasserbook.pdf <cite>Building a secure computer system</cite>] ISBN 0-442-23022-2 1988<br />
* [[Stephen Haag]], [[Maeve Cummings]], [[Donald McCubbrey]], [[Alain Pinsonneault]], [[Richard Donovan]]: <cite>Management Information Systems for the information age</cite>, ISBN 0-07-091120-7<br />
* [[E. Stewart Lee]]: [http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf <cite>Essays about Computer Security</cite>] Cambridge, 1999<br />
* [[Peter G. Neumann]]: [http://www.csl.sri.com/neumann/chats4.pdf <cite>Principled Assuredly Trustworthy Composable Architectures</cite>] 2004<br />
* [[Paul A. Karger]], [[Roger R. Schell]]: [http://www.acsac.org/2002/papers/classic-multics.pdf<cite>Thirty Years Later: Lessons from the Multics Security Evaluation</cite>], IBM white paper.<br />
* [[Robert C. Seacord]]: <cite>Secure Coding in C and C++</cite>. Addison Wesley, September, 2005. ISBN 0-321-33572-4<br />
* [[Clifford Stoll]]: <cite>Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage</cite>, Pocket Books, ISBN 0-7434-1146-3<br />
</div><br />
<br />
<br />
=See Also=<br />
<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Payment_Card_Industry_Data_Security_Standard]]<br />
* [[Information_Security_References]]<br />
* [[Security_and_Storage_Mediums]]<br />
<br />
=External Links=<br />
<br />
*[http://security.practitioner.com/introduction/ An Introduction to Information Security]<br />
*[http://www.logicalsecurity.com/resources/resources_articles.html Introduction to Security Governance]<br />
*[http://www.coesecurity.com/services/resources.asp COE Security - Information Security Articles]<br />
*[http://www.davidstclair.co.uk/example-security-templates/example-internet-e-mail-usage-policy-2.html Example Security Policy]<br />
*[http://www.iwar.org.uk/comsec/ IWS - Information Security Chapter]<br />
*[http://www.issa.org/ Information Systems Security Association]<br />
*[http://msdn2.microsoft.com/en-us/library/ms998382.aspx patterns & practices Security Engineering Explained]<br />
*[http://www.opensecurityarchitecture.org Open Security Architecture- Controls and patterns to secure IT systems]<br />
<br />
--[[User:Katmehm|Katmehm]] 23:43, 11 April 2009 (EDT)</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:48:43Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|Cryptography is Our Security|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|Vigenere Square Table|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
<div class="references-small"><br />
* [[Ross Anderson|Ross J. Anderson]]: <cite>[http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]</cite>, ISBN 0-471-38922-6<br />
* [[Morrie Gasser]]: [http://cs.unomaha.edu/~stanw/gasserbook.pdf <cite>Building a secure computer system</cite>] ISBN 0-442-23022-2 1988<br />
* [[Stephen Haag]], [[Maeve Cummings]], [[Donald McCubbrey]], [[Alain Pinsonneault]], [[Richard Donovan]]: <cite>Management Information Systems for the information age</cite>, ISBN 0-07-091120-7<br />
* [[E. Stewart Lee]]: [http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf <cite>Essays about Computer Security</cite>] Cambridge, 1999<br />
* [[Peter G. Neumann]]: [http://www.csl.sri.com/neumann/chats4.pdf <cite>Principled Assuredly Trustworthy Composable Architectures</cite>] 2004<br />
* [[Paul A. Karger]], [[Roger R. Schell]]: [http://www.acsac.org/2002/papers/classic-multics.pdf<cite>Thirty Years Later: Lessons from the Multics Security Evaluation</cite>], IBM white paper.<br />
* [[Robert C. Seacord]]: <cite>Secure Coding in C and C++</cite>. Addison Wesley, September, 2005. ISBN 0-321-33572-4<br />
* [[Clifford Stoll]]: <cite>Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage</cite>, Pocket Books, ISBN 0-7434-1146-3<br />
</div><br />
<br />
<br />
=See Also=<br />
<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Payment_Card_Industry_Data_Security_Standard]]<br />
* [[Information_Security_References]]<br />
* [[Security_and_Storage_Mediums]]<br />
<br />
=External Links=<br />
<br />
*[http://security.practitioner.com/introduction/ An Introduction to Information Security]<br />
*[http://www.logicalsecurity.com/resources/resources_articles.html Introduction to Security Governance]<br />
*[http://www.coesecurity.com/services/resources.asp COE Security - Information Security Articles]<br />
*[http://www.davidstclair.co.uk/example-security-templates/example-internet-e-mail-usage-policy-2.html Example Security Policy]<br />
*[http://www.iwar.org.uk/comsec/ IWS - Information Security Chapter]<br />
*[http://www.issa.org/ Information Systems Security Association]<br />
*[http://msdn2.microsoft.com/en-us/library/ms998382.aspx patterns & practices Security Engineering Explained]<br />
*[http://www.opensecurityarchitecture.org Open Security Architecture- Controls and patterns to secure IT systems]<br />
<br />
--[[User:Katmehm|Katmehm]] 23:43, 11 April 2009 (EDT)</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:45:57Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square '''Vigenere Square Table]]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
<div class="references-small"><br />
* [[Ross Anderson|Ross J. Anderson]]: <cite>[http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]</cite>, ISBN 0-471-38922-6<br />
* [[Morrie Gasser]]: [http://cs.unomaha.edu/~stanw/gasserbook.pdf <cite>Building a secure computer system</cite>] ISBN 0-442-23022-2 1988<br />
* [[Stephen Haag]], [[Maeve Cummings]], [[Donald McCubbrey]], [[Alain Pinsonneault]], [[Richard Donovan]]: <cite>Management Information Systems for the information age</cite>, ISBN 0-07-091120-7<br />
* [[E. Stewart Lee]]: [http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf <cite>Essays about Computer Security</cite>] Cambridge, 1999<br />
* [[Peter G. Neumann]]: [http://www.csl.sri.com/neumann/chats4.pdf <cite>Principled Assuredly Trustworthy Composable Architectures</cite>] 2004<br />
* [[Paul A. Karger]], [[Roger R. Schell]]: [http://www.acsac.org/2002/papers/classic-multics.pdf<cite>Thirty Years Later: Lessons from the Multics Security Evaluation</cite>], IBM white paper.<br />
* [[Robert C. Seacord]]: <cite>Secure Coding in C and C++</cite>. Addison Wesley, September, 2005. ISBN 0-321-33572-4<br />
* [[Clifford Stoll]]: <cite>Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage</cite>, Pocket Books, ISBN 0-7434-1146-3<br />
</div><br />
<br />
<br />
=See Also=<br />
<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Payment_Card_Industry_Data_Security_Standard]]<br />
* [[Information_Security_References]]<br />
* [[Security_and_Storage_Mediums]]<br />
<br />
=External Links=<br />
<br />
*[http://security.practitioner.com/introduction/ An Introduction to Information Security]<br />
*[http://www.logicalsecurity.com/resources/resources_articles.html Introduction to Security Governance]<br />
*[http://www.coesecurity.com/services/resources.asp COE Security - Information Security Articles]<br />
*[http://www.davidstclair.co.uk/example-security-templates/example-internet-e-mail-usage-policy-2.html Example Security Policy]<br />
*[http://www.iwar.org.uk/comsec/ IWS - Information Security Chapter]<br />
*[http://www.issa.org/ Information Systems Security Association]<br />
*[http://msdn2.microsoft.com/en-us/library/ms998382.aspx patterns & practices Security Engineering Explained]<br />
*[http://www.opensecurityarchitecture.org Open Security Architecture- Controls and patterns to secure IT systems]<br />
<br />
--[[User:Katmehm|Katmehm]] 23:43, 11 April 2009 (EDT)</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:43:36Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
<div class="references-small"><br />
* [[Ross Anderson|Ross J. Anderson]]: <cite>[http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]</cite>, ISBN 0-471-38922-6<br />
* [[Morrie Gasser]]: [http://cs.unomaha.edu/~stanw/gasserbook.pdf <cite>Building a secure computer system</cite>] ISBN 0-442-23022-2 1988<br />
* [[Stephen Haag]], [[Maeve Cummings]], [[Donald McCubbrey]], [[Alain Pinsonneault]], [[Richard Donovan]]: <cite>Management Information Systems for the information age</cite>, ISBN 0-07-091120-7<br />
* [[E. Stewart Lee]]: [http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf <cite>Essays about Computer Security</cite>] Cambridge, 1999<br />
* [[Peter G. Neumann]]: [http://www.csl.sri.com/neumann/chats4.pdf <cite>Principled Assuredly Trustworthy Composable Architectures</cite>] 2004<br />
* [[Paul A. Karger]], [[Roger R. Schell]]: [http://www.acsac.org/2002/papers/classic-multics.pdf<cite>Thirty Years Later: Lessons from the Multics Security Evaluation</cite>], IBM white paper.<br />
* [[Robert C. Seacord]]: <cite>Secure Coding in C and C++</cite>. Addison Wesley, September, 2005. ISBN 0-321-33572-4<br />
* [[Clifford Stoll]]: <cite>Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage</cite>, Pocket Books, ISBN 0-7434-1146-3<br />
</div><br />
<br />
<br />
=See Also=<br />
<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Payment_Card_Industry_Data_Security_Standard]]<br />
* [[Information_Security_References]]<br />
* [[Security_and_Storage_Mediums]]<br />
<br />
=External Links=<br />
<br />
*[http://security.practitioner.com/introduction/ An Introduction to Information Security]<br />
*[http://www.logicalsecurity.com/resources/resources_articles.html Introduction to Security Governance]<br />
*[http://www.coesecurity.com/services/resources.asp COE Security - Information Security Articles]<br />
*[http://www.davidstclair.co.uk/example-security-templates/example-internet-e-mail-usage-policy-2.html Example Security Policy]<br />
*[http://www.iwar.org.uk/comsec/ IWS - Information Security Chapter]<br />
*[http://www.issa.org/ Information Systems Security Association]<br />
*[http://msdn2.microsoft.com/en-us/library/ms998382.aspx patterns & practices Security Engineering Explained]<br />
*[http://www.opensecurityarchitecture.org Open Security Architecture- Controls and patterns to secure IT systems]<br />
<br />
--[[User:Katmehm|Katmehm]] 23:43, 11 April 2009 (EDT)</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:41:57Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
<div class="references-small"><br />
* [[Ross Anderson|Ross J. Anderson]]: <cite>[http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]</cite>, ISBN 0-471-38922-6<br />
* [[Morrie Gasser]]: [http://cs.unomaha.edu/~stanw/gasserbook.pdf <cite>Building a secure computer system</cite>] ISBN 0-442-23022-2 1988<br />
* [[Stephen Haag]], [[Maeve Cummings]], [[Donald McCubbrey]], [[Alain Pinsonneault]], [[Richard Donovan]]: <cite>Management Information Systems for the information age</cite>, ISBN 0-07-091120-7<br />
* [[E. Stewart Lee]]: [http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf <cite>Essays about Computer Security</cite>] Cambridge, 1999<br />
* [[Peter G. Neumann]]: [http://www.csl.sri.com/neumann/chats4.pdf <cite>Principled Assuredly Trustworthy Composable Architectures</cite>] 2004<br />
* [[Paul A. Karger]], [[Roger R. Schell]]: [http://www.acsac.org/2002/papers/classic-multics.pdf<cite>Thirty Years Later: Lessons from the Multics Security Evaluation</cite>], IBM white paper.<br />
* [[Robert C. Seacord]]: <cite>Secure Coding in C and C++</cite>. Addison Wesley, September, 2005. ISBN 0-321-33572-4<br />
* [[Clifford Stoll]]: <cite>Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage</cite>, Pocket Books, ISBN 0-7434-1146-3<br />
</div><br />
<br />
<br />
=See Also=<br />
<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Payment_Card_Industry_Data_Security_Standard]]<br />
* [[Information_Security_References]]<br />
* [[Security_and_Storage_Mediums]]<br />
<br />
=External Links=<br />
<br />
*[http://security.practitioner.com/introduction/ An Introduction to Information Security]<br />
*[http://www.logicalsecurity.com/resources/resources_articles.html Introduction to Security Governance]<br />
*[http://www.coesecurity.com/services/resources.asp COE Security - Information Security Articles]<br />
*[http://www.davidstclair.co.uk/example-security-templates/example-internet-e-mail-usage-policy-2.html Example Security Policy]<br />
*[http://www.iwar.org.uk/comsec/ IWS - Information Security Chapter]<br />
*[http://www.issa.org/ Information Systems Security Association]<br />
*[http://msdn2.microsoft.com/en-us/library/ms998382.aspx patterns & practices Security Engineering Explained]<br />
*[http://www.opensecurityarchitecture.org Open Security Architecture- Controls and patterns to secure IT systems]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:39:27Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]<br />
<br />
=See Also=<br />
<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Payment_Card_Industry_Data_Security_Standard]]<br />
* [http://en.wikipedia.org/wiki/Information_security Information Security]<br />
* [[Piggybacking]]<br />
* [[Information_Security_References]]<br />
* [[Security_and_Storage_Mediums]]<br />
<br />
=External Links=<br />
<br />
*[http://security.practitioner.com/introduction/ An Introduction to Information Security]<br />
*[http://www.logicalsecurity.com/resources/resources_articles.html Introduction to Security Governance]<br />
*[http://www.coesecurity.com/services/resources.asp COE Security - Information Security Articles]<br />
*[http://www.davidstclair.co.uk/example-security-templates/example-internet-e-mail-usage-policy-2.html Example Security Policy]<br />
*[http://www.iwar.org.uk/comsec/ IWS - Information Security Chapter]<br />
*[http://www.issa.org/ Information Systems Security Association]<br />
*[http://msdn2.microsoft.com/en-us/library/ms998382.aspx patterns & practices Security Engineering Explained]<br />
*[http://www.opensecurityarchitecture.org Open Security Architecture- Controls and patterns to secure IT systems]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:33:52Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]<br />
<br />
=See Also=<br />
* [[Conventional_Encryption_Algorithms]]<br />
* [[Piggybacking]]<br />
=External Links=</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:30:36Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows:<br />
Key <br>B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]<br />
<br />
=See Also=<br />
<br />
=External Links=</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:28:43Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]<br />
<br />
=See Also=<br />
<br />
=External Links=</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:27:08Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment [http://en.wikipedia.org/wiki/Key_(cryptography) key] is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their [http://en.wikipedia.org/wiki/Public_key public keys] are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[http://en.wikipedia.org/wiki/Private_key private key]:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an [http://en.wikipedia.org/wiki/Exponentiation exponentiation cipher]. Choose two large [http://en.wikipedia.org/wiki/Prime_numbers prime numbers] p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The [http://en.wikipedia.org/wiki/Security security] of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of [http://en.wikipedia.org/wiki/Integer_factorization integer factorization]: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a [http://en.wikipedia.org/wiki/Checksum checksum]<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The [http://en.wikipedia.org/wiki/Parity_bit parity bit] in the [http://en.wikipedia.org/wiki/ASCII ASCII] representation is often used as a [http://en.wikipedia.org/wiki/Single-bit single-bit checksum]. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a [http://en.wikipedia.org/wiki/Generic generic] term for an algorithm that uses a keyless [http://en.wikipedia.org/wiki/Hash_function hash function] and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to [http://en.wikipedia.org/wiki/Conceal conceal information]. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and [http://en.wikipedia.org/w/index.php?title=Special%3ASearch&search=origin+authentication origin authentication] (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and [http://en.wikipedia.org/wiki/Permutation permutation] (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and [http://en.wikipedia.org/wiki/Linear_cryptanalysis linear cryptanalysis]. New public key ciphers use simple instances of [http://en.wikipedia.org/wiki/NP-hard NP-hard] problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "[http://en.wikipedia.org/wiki/Provable_security provable security]." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic [http://en.wikipedia.org/wiki/Protocol_(computing) protocols]. This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:12:36Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called [http://en.wikipedia.org/wiki/Polyalphabetic polyalphabetic].<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère] cipher was considered unbreakable. Then a Prussian cavalry officer named [http://en.wikipedia.org/wiki/Kasiski Kasiski] noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is [http://en.wikipedia.org/wiki/Bit-oriented bit-oriented], unlike the other ciphers we have seen. It uses both [ http://en.wikipedia.org/wiki/Transposition_cipher transposition] and [http://en.wikipedia.org/wiki/Substitution_cipher substitution] <br />
and for that reason is sometimes referred to as a [http://en.wikipedia.org/wiki/Product_cipher product cipher]. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of [[Public_Key_Authentication]] that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The security of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of integer factorization: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T03:04:05Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep [http://en.wikipedia.org/wiki/Enciphered enciphered] information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or [http://en.wikipedia.org/wiki/Symmetric_cryptosystems symmetric cryptosystems]) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a [http://en.wikipedia.org/wiki/Caesar Caesar] cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of [http://en.wikipedia.org/wiki/Roman_letters Roman letters] }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the [http://en.wikipedia.org/wiki/Period_of_the_cipher period of the cipher]. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [[http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère]] cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The security of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of integer factorization: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T02:57:58Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>[http://en.wikipedia.org/wiki/Quintuple Quintuple] (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An [http://en.wikipedia.org/wiki/Adversary adversary] wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the [[http://www.cas.mcmaster.ca/wiki/index.php/Conventional_Encryption_Algorithms Vigenère]] cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The [http://en.wikipedia.org/wiki/One_time_pad one-time pad] is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
The security of [http://www.cas.mcmaster.ca/wiki/index.php/Public_Key_Encryption_Algorithms RSA] is based on the difficulty of integer factorization: Finding large primes and multiplying them together is easy. However, from the product to find the factors is hard. There is no known efficient general technique to solve this problem. <br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, [http://en.wikipedia.org/wiki/Totient totient](10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T02:49:32Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a [http://en.wikipedia.org/wiki/Ciphertext ciphertext]. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T02:48:10Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. [http://en.wikipedia.org/wiki/Cryptanalyst Cryptanalysis] is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the [http://en.wikipedia.org/wiki/Plaintext plaintext], but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T02:44:17Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word [http://en.wikipedia.org/wiki/Cryptography cryptography] comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T02:40:21Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography[http://en.wikipedia.org/wiki/Cryptography] is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-12T02:21:49Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient(n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T06:11:12Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
*KAlice = 175 mod 53 = 40 and <br />
*KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
*kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
*kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T06:09:41Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be <br />
-kAlice = 5 and<br />
-kBob = 7.<br />
Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
-SBob,Alice = KAlice<br><br />
-kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
-SAlice,Bob = KBob<br><br />
-kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T06:07:26Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6<br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
private key:<br />
SBob,Alice = KAlice<br><br />
kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
SAlice,Bob = KBob<br><br />
kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T06:06:28Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his <br />
[[Image:deffie.png|350px|right|Deffie example Diagram]]<br><br />
private key:<br />
SBob,Alice = KAlice<br><br />
kBob mod p = 407 mod 53 = 38<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
SAlice,Bob = KBob<br><br />
kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/File:Deffie.pngFile:Deffie.png2009-04-11T06:05:22Z<p>Katmehm: </p>
<hr />
<div></div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T06:05:06Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br><br />
kBob mod p = 407 mod 53 = 38<br><br />
[[Image:deffie.png|300px|right|Deffie example Diagram]]<br><br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as:<br />
SAlice,Bob = KBob<br><br />
kAlice mod p = 65 mod 53 = 38<br><br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:59:51Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
1]Electronic Code Book Mode (ECB)<br><br />
*Encipher each block independently<br><br />
2] Cipher Block Chaining Mode (CBC)<br><br />
*Xor each block with previous ciphertext block<br><br />
*Requires an initialization vector for the first one<br><br />
3] Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
*c = DESk(DESk^(–1)(DESk(m)))<br><br />
4] Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
*c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:58:39Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
*Electronic Code Book Mode (ECB)<br><br />
-Encipher each block independently<br><br />
* Cipher Block Chaining Mode (CBC)<br><br />
-Xor each block with previous ciphertext block<br><br />
-Requires an initialization vector for the first one<br><br />
* Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
-c = DESk(DESk^(–1)(DESk(m)))<br><br />
* Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
-c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:58:09Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
*Electronic Code Book Mode (ECB)<br><br />
-Encipher each block independently<br><br />
* Cipher Block Chaining Mode (CBC)<br><br />
-Xor each block with previous ciphertext block<br><br />
-Requires an initialization vector for the first one<br><br />
* Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
-c = DESk(DESk^(–1)(DESk(m)))<br><br />
* Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
-c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:57:29Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
*Electronic Code Book Mode (ECB)<br><br />
Encipher each block independently<br><br />
* Cipher Block Chaining Mode (CBC)<br><br />
Xor each block with previous ciphertext block<br><br />
Requires an initialization vector for the first one<br><br />
* Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
c = DESk(DESk^(–1)(DESk(m)))<br><br />
* Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:56:37Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.<br />
The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
*Electronic Code Book Mode (ECB)<br><br />
Encipher each block independently<br><br />
* Cipher Block Chaining Mode (CBC)<br><br />
Xor each block with previous ciphertext block<br><br />
Requires an initialization vector for the first one<br><br />
* Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
c = DESk(DESk^(–1)(DESk(m)))<br><br />
* Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:55:24Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
'''DES Modes'''<br><br />
*Electronic Code Book Mode (ECB)<br><br />
• Encipher each block independently<br><br />
* Cipher Block Chaining Mode (CBC)<br><br />
• Xor each block with previous ciphertext block<br><br />
• Requires an initialization vector for the first one<br><br />
* Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
• c = DESk(DESk^(–1)(DESk(m)))<br><br />
* Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
• c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:54:25Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
<br />
'''DES Modes'''<br><br />
*Electronic Code Book Mode (ECB)<br><br />
• Encipher each block independently<br><br />
* Cipher Block Chaining Mode (CBC)<br><br />
• Xor each block with previous ciphertext block<br><br />
[[Image:DES.png|300px|right|The Feistel function (F function) of DES]]<br><br />
• Requires an initialization vector for the first one<br><br />
* Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
• c = DESk(DESk^(–1)(DESk(m)))<br><br />
* Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
• c = DESk(DESk' (DESk''(m)))<br><br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:51:53Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
<br />
'''DES Modes'''<br><br />
Electronic Code Book Mode (ECB)<br><br />
* Encipher each block independently<br><br />
• Cipher Block Chaining Mode (CBC)<br><br />
* Xor each block with previous ciphertext block<br><br />
* Requires an initialization vector for the first one<br><br />
• Encrypt-Decrypt-Encrypt Mode (2 keys: k, k')<br><br />
* c = DESk(DESk^(–1)(DESk(m)))<br><br />
• Encrypt-Encrypt-Encrypt Mode (3 keys: k, k', k'')<br><br />
* c = DESk(DESk' (DESk''(m)))<br><br />
<br />
[[Image:DES.png|300px|The Feistel function (F function) of DES]]<br><br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:45:23Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|The Feistel function (F function) of DES]]<br><br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:44:46Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|300px|thumb|The Feistel function (F function) of DES]]<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:44:05Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
[[Image:DES.png|250px|thumb|The Feistel function (F function) of DES]]<br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:43:01Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data.<br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution <br />
[[Image:DES.png|250px|right|thumb|The Feistel function (F function) of DES]]<br />
and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:36:52Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|400px|'''Data Encryption Standard InfoBox Diagram''']]<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:32:23Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|230px|'''Data Encryption Standard InfoBox Diagram''']]<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:31:47Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|180px|right|'''Data Encryption Standard InfoBox Diagram''']]<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/File:DES.pngFile:DES.png2009-04-11T05:31:07Z<p>Katmehm: </p>
<hr />
<div></div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:30:54Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks.<br />
[[Image:DES.png|right|'''Data Encryption Standard InfoBox Diagram''']]<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:26:47Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:26:11Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|right|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:25:38Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
[[Image:Vigenere.png|180px|''' Vigenere square ''']]<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehmhttp://wiki.cas.mcmaster.ca/index.php/Cryptography_in_Information_SecurityCryptography in Information Security2009-04-11T05:24:27Z<p>Katmehm: </p>
<hr />
<div>[[Image:public_key_cryptography_and_pgp.jpg|right|'''Description''']]<br />
===Introduction=== <br />
The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The basic component of cryptography is a<br />
cryptosystem.<br />
<br>Quintuple (E, D, M, K, C):<br />
* M set of plaintexts<br><br />
* K set of keys<br><br />
* C set of ciphertexts<br><br />
* E set of encryption functions<br> <br />
* D set of decryption functions <br><br />
<br />
The goal of cryptography is to keep enciphered information secret. An adversary wishes to break a ciphertext. Standard cryptographic practice is to assume that one knows the algorithm used to encipher the plaintext, but not the specific cryptographic key (in other words, she knows D and E). One may use three types of attacks.<br />
<br />
=Classical Cryptosystems=<br />
Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. So the sender, receiver share common key. Keys may be the same, or trivial to derive from one another. The are sometime called symmetric cryptography.<br />
<br />
[[Image:Images.jpg|right|'''Caesar cipher machine''']]<br />
==Cæsar cipher==<br />
The action of a Caesar cipher is to replace each plaintext letter with one a fixed number of places down the alphabet. This example is with a shift of three, so that a B in the plaintext becomes E in the ciphertext <br />
<br />
* '''EXAMPLE''': <br />
The Caesar cipher is the widely known cipher in which letters are shifted. For example, if the key is 3, the letter A becomes D, B becomes E, and so forth, ending with Z becoming C. So the word "HELLO" is enciphered as "KHOOR." Informally, this cipher is a cryptosystem with:<br />
M = { all sequences of Roman letters }<br><br />
K = { i | i an integer such that 0 ≤ I ≤ 25 }<br><br />
E = { Ek | k≤ K and for all m M, Ek(m) = (m + k) mod 26 }<br><br />
<br />
Representing each letter by its position in the alphabet (with A in position 0),<br />
"HELLO" is 7 4 11 11 14;<br><br />
if k = 3, the ciphertext is 10 7 14 14 17, or "KHOOR."<br />
<br />
D = { Dk | k K and for all c C, Dk(c) = (26 + c – k) mod 26 }<br />
Each Dk simply inverts the corresponding Ek.<br />
C = M<br />
because E is clearly a set of onto functions.<br />
<br />
[[Image:Vigenere.png|180px|''' Vigenere square ''']]<br />
==Vigènere cipher==<br />
A longer key might obscure the statistics. The Vigenère cipher chooses a sequence of keys, represented by a string. The key letters are applied to successive plaintext characters, and when the end of the key is reached, the key starts over. The length of the key is called the period of the cipher. Because this requires several different key letters, this type of cipher is called polyalphabetic.<br />
<br />
*'''EXAMPLE''': The first line of a limerick is enciphered using the key "BENCH," as follows.<br><br />
Key B ENCHBENC HBENC HBENCH BENCHBENCH<br><br />
Plaintext A LIMERICK PACKS LAUGHS ANATOMICAL<br><br />
Ciphertext B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS<br><br />
<br />
For many years, the Vigenère cipher was considered unbreakable. Then a Prussian cavalry officer named Kasiski noticed that repetitions occur when characters of the key appear over the same characters in the<br />
ciphertext. The number of characters between the repetitions is a multiple of the period.<br />
<br />
''One Time Pad''<br />
The one-time pad is a variant of the Vigenère cipher. The technique is the same. The key string is chosen<br />
at random, and is at least as long as the message, so it does not repeat.<br />
<br />
==Data Encryption Standard==<br />
The Data Encryption Standard (DES) was designed to encipher sensitive but nonclassified data. <br />
It is bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long. The sets of 64 bits are referred to as blocks<br />
<br />
<br />
=Public Key Cryptography=<br />
==Diffie-Hellman==<br />
In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between<br />
encipherment and decipherment keys.<br />
<br />
One of the keys would be publicly known; the other would be<br />
kept private by its owner. Classical cryptography requires the sender and recipient to share a common key.<br />
Public key cryptography does not. If the encipherment key is public, to send a secret message simply<br />
encipher the message with the recipient's public key. Then send it. The recipient can decipher it using his<br />
private key.<br />
<br />
*'''EXAMPLE''': Alice and Bob have chosen p = 53 and g = 17. They choose their private keys to be kAlice = 5 and kBob = 7. Their public keys are<br />
-KAlice = 175 mod 53 = 40 and <br />
-KBob = 177 mod 53 = 6.<br />
<br />
Suppose Bob wishes to send Alice a message. He computes a shared secret key by enciphering Alice's public key using his private key:<br />
SBob,Alice = KAlice<br />
kBob mod p = 407 mod 53 = 38<br />
and enciphers his message using this key (and any desired secret key cryptosystem). When Alice gets the message, she computes the key she shares with Bob as<br />
SAlice,Bob = KBob<br />
kAlice mod p = 65 mod 53 = 38<br />
The mathematical properties of modular exponentiation ensure that for any two users A and B, SA,B = SB,A<br />
<br />
<br />
==RSA==<br />
is an exponentiation cipher. Choose two large prime numbers p and q, and let n = pq. The totient (n) of n is the number of numbers less than n with no factors in common with n. <br />
<br />
*'''EXAMPLE''': Let n = 10. The numbers that are less than 10 and are relatively prime to (have no factors in common with) n are 1, 3, 7, and 9. Hence, totient(10) = 4. Similarly, if n = 21, the numbers that are relatively prime to n are 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20. So totient(21) = 12<br />
<br />
=Cryptographic Checksums=<br />
==HMAC==<br />
Alice wants to send Bob a message of n bits. She wants Bob to be able to verify that the message he<br />
receives is the same one that was sent. So she applies a mathematical function, called a checksum<br />
function, to generate a smaller set of k bits from the original n bits. This smaller set is called the checksum<br />
or message digest. Alice then sends Bob both the message and the checksum. When Bob gets the<br />
message, he recomputes the checksum and compares it with the one Alice sent. If they match, he assumes<br />
that the message has not been changed.<br />
<br />
*'''EXAMPLE''': The parity bit in the ASCII representation is often used as a single-bit checksum. If<br />
odd parity is used, the sum of the 1-bits in the ASCII representation of the character, and the<br />
parity bit, is odd. Assume that Alice sends Bob the letter "A."<br />
In ASCII, the representation of "A" using odd parity is p0111101 in binary, where p represents<br />
the parity bit. Because five bits are set, the parity bit is 0 for odd parity.<br />
When Bob gets the message 00111101, he counts the 1-bits in the message. Because this<br />
number is odd, Bob knows that the message has arrived unchanged.<br />
<br />
HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to<br />
produce a keyed hash function [594]. This mechanism enables Alice to validate that data Bob sent to her is<br />
unchanged in transit. Without the key, anyone could change the data and recompute the message<br />
authentication code, and Alice would be none the wiser.<br />
The need for HMAC arose because keyed hash functions are derived from cryptographic algorithms. Many<br />
countries restrict the import and export of software that implements such algorithms. They do not restrict<br />
software implementing keyless hash functions, because such functions cannot be used to conceal<br />
information. Hence, HMAC builds on a keyless hash function using a cryptographic key to create a keyed<br />
hash function.<br />
<br />
=Summary=<br />
For our purposes, three aspects of cryptography require study. Classical cryptography uses a single key<br />
shared by all involved. Public key cryptography uses two keys, one shared and the other private. Both<br />
types of cryptosystems can provide secrecy and origin authentication (although classical cryptography<br />
requires a trusted third party to provide both). Cryptographic hash functions may or may not use a secret<br />
key and provide data authentication.<br />
All cryptosystems are based on substitution (of some quantity for another) and permutation (scrambling of<br />
some quantity). Cryptanalysis, the breaking of ciphers, uses statistical approaches (such as the Kasiski<br />
method and differential cryptanalysis) and mathematical approaches (such as attacks on the RSA method).<br />
As techniques of cryptanalysis improve, our understanding of encipherment methods also improves and<br />
ciphers become harder to break. The same holds for cryptographic checksum functions. However, as<br />
computing power increases, key length must also increase. A 56-bit key was deemed secure by many in<br />
1976; it is clearly not secure now.<br />
<br />
=Research Issues=<br />
Cryptography is an exciting area of research, and all aspects of it are being studied. New secret key ciphers incorporate techniques for defeating differential and linear cryptanalysis. New public key ciphers use simple<br />
instances of NP-hard problems as their bases, and they cast those instances into the more general framework of the NP-hard problem. Other public key ciphers revisit well-studied, difficult classical problems<br />
(such as factoring) and use them so that mathematically breaking the cipher is equivalent to solving the hard problem. Still others are built on the notion of randomness (in the sense of unpredictability). Cryptanalytic techniques are also improving. From the development of differential cryptanalysis came linear cryptanalysis. The use of NP-hard problems leads to an analysis of the problem underlying the cipher to reduce it to the simpler, solvable case. The use of classical mathematical problems leads to the application of advanced technology to make the specific problem computable; for example, advances in technology<br />
have increased the sizes of numbers that can be factored, which in turn lead to the use of larger primes as the basis for ciphers such as RSA.<br />
Advances in both cryptography and cryptanalysis lead to a notion of "provable security." The issue is to prove under what conditions a cipher is unbreakable. Then, if the conditions are met, perfect secrecy is obtained. Similar issues arise with cryptographic protocols (some of which the next chapters will explore). This leads to the area of assurance and serves as an excellent test base for many assurance techniques<br />
<br />
=References=<br />
<br />
1. ''Onion Routing for Anonymous Communications.'' [http://en.wikipedia.org/wiki/Cryptography]<br />
<br><br />
[http://en.wikipedia.org/wiki/Caesar_cipher]<br />
[http://en.wikipedia.org/wiki/Encrypt]<br />
[http://en.wikipedia.org/wiki/Plaintext]<br />
[http://en.wikipedia.org/wiki/Cipher]<br />
[http://en.wikipedia.org/wiki/Julius_Caesar]</div>Katmehm