Cryptography In System And Network Security
The problem of securing data against intruders has drawn a great deal of attention in the modern information world. A security mechanism is expected to protect the data that is sent. “The science of encrypting, or hiding, information is known as cryptography”. The growing demand for electronic transactions in the form of credit cards, online money transfers, and Electronic Data Interchange (EDI) increases the need for network security. Network security is necessary to prevent security breaches; otherwise, they will affect the whole of information technology. Whatever network security policies an enterprise chooses, there is a high chance that it will use cryptographic technology. This research paper focuses on analyzing the different kinds of cryptography and the concepts of encryption and decryption.
Cryptography is a method of transmitting information in an encoded form for the purposes of security and privacy. Only someone who has the secret key for decoding the message can recover the information. A great deal of research is ongoing in the cryptographic field. Even so, finding the best algorithm for a given security problem is extremely difficult. To ensure security in every application, it is essential to have the following factors:
- Confidentiality: It is the practice of keeping data private.
- Authentication: It verifies whether the user is, in fact, who he declares himself to be.
- Integrity: It is an assurance that the data has not been changed or modified after being sent by the sender.
- Non-repudiation: It means the sender cannot deny that he sent the information.
Cryptography Process
If a user sends a message over the network, the cryptography process changes it into ciphertext. This transformation process is called Encryption. Once the encrypted message is received, the recipient decrypts the ciphertext back to the original message. This transformation process is called Decryption. “Cryptanalysis is the process of analyzing available information to return the encrypted message to its original form”.
Cryptography Techniques
There are three basic cryptography encryption algorithms:
Symmetric encryption
Private key encryption is also known as symmetric key encryption. Secret sharing schemes might be easy to interpret geometrically, but implementing them on computers involves more difficulties. This method applies a secret or private key to the communication. This key is shared confidentially only between the verified sender and recipient. Making the key highly complex makes it harder for an attacker to achieve his task. The ‘Hybrid Encryption’ and ‘Double Encryption’ concepts help to protect the key from outsiders. It is imperative to shield the transmission channel from interception. To implement these safety measures, we may use different techniques or algorithms. The best-known technique is to introduce a code that assures the sender that the individual at the receiving end is an authorized person. This technique can be effective and may guarantee the authenticity of the private conversation carried on between the two communicating parties. This code is available to both communicating parties and enables each of them to create a solid means of authentication.
Data encryption standard (DES)
Although plenty of secret key algorithms have emerged, the most widespread is the Data Encryption Standard (DES). This standard specifies both encryption and decryption using a binary key. DES is termed a block cipher because it splits the initial message into blocks of a specific size. If the required block size is not reached, it simply appends additional blocks. The DES algorithm applies 16 rounds to every 64-bit input block, so it produces a 64-bit block of ciphertext for each input block. With a strong key used in all sixteen rounds, the algorithm gives reliable results.
Triple DES
Triple DES solves the issues found in DES. It does not alter the previous algorithm completely; it increases the key size of the previous algorithm (56 bits) by running the algorithm three times with three different keys, which gives 168 bits (3 × 56 bits) in total. It involves three steps: Encrypt-Decrypt-Encrypt. For example, if key1 is used to encrypt the plaintext, then key2 is used to decrypt it, and finally it is encrypted with key3.
Advanced encryption standard
AES, also known as Rijndael, was first published by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, and was later established as a standard by the National Institute of Standards and Technology (NIST) in 2001 (Selent, 2010). It was accepted by the U.S. government and adopted as a standard for its top-secret IT needs in 2002. AES is a symmetric-key algorithm, which means the same key is used for encryption and for decryption. It uses a 128-bit block size and key sizes of 128, 192, or 256 bits, which is considered much stronger than DES. AES is more widely used than the DES and 3DES algorithms.
Symmetric encryption limitations
Symmetric encryption computations are considerably fast. Because they have moderate complexity, they can also be implemented easily. Compared to asymmetric encryption, this technique is very old. It can be easily attacked through brute force. If the algorithms use weak keys, they will be vulnerable.
Asymmetric Encryption
This is also known as public key cryptography. It is the idea of communication between two people without distributing a secret key, and it solves the issues found in symmetric cryptography. It uses two keys: one for encryption and the other for decryption. In this kind of cryptography, everybody has a pair of keys: a public key and a private key. The private key is given exclusively to its intended owner. Suppose person A sends a specific file to person B. Once person B has received the encrypted file, his system should use the public key shared by A and its own secret key. Even though it looks as if a key is shared between many people, that does not mean that anyone can read the file. The private key is hard for a third person to find out, as it is basically a prime number, which makes the system more secure. Pretty Good Privacy (PGP) applies public key cryptography, which is more reliable and efficient.
RSA algorithm
RSA is one of the first public key cryptosystems ever invented. The main reason for its wide usage is that it can be applied to perform encryption as well as digital signatures. It also reduces the impacts found in its previous versions. This algorithm uses the product of two large prime numbers and works on the principle that factoring such large numbers is difficult. The security of the RSA algorithm depends on the difficulty of factoring large numbers. Over recent years, extensive cryptanalysis has revealed various weaknesses in the algorithm, all of which have been mitigated effectively. RSA must make factoring the large numbers sufficiently complex to achieve security. RSA solved several security issues, but it is not more secure. The minimum recommended key length is 1024 bits. It is more advisable to use a key length of 2048 bits.
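The following Python example is added here for illustration and is not code from the original paper. It builds a textbook RSA key pair from two tiny primes, uses it for both encryption and a digital signature, and then shows that anyone who can factor the public modulus obtains the private key, which is why the key lengths above matter. The function names and the primes 61 and 53 are assumptions chosen for the example; real systems use a vetted library with padding.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes p and q."""
    n = p * q                      # public modulus: product of the two primes
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: inverse of e mod phi
    return (n, e), (n, d)

def encrypt(message, public):
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)

def decrypt(cipher, private):
    n, d = private
    return pow(cipher, d, n)

def sign(message, private):
    """Digital signature: the same operation as decryption, on the message."""
    n, d = private
    return pow(message, d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == message % n

def factor(n):
    """Trial division. Feasible only because n in this example is tiny."""
    f = 2
    while n % f:
        f += 1
    return f, n // f

def private_from_factoring(public):
    """Once n is factored, the private exponent follows immediately."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, private = make_keypair(61, 53)   # constructed toy primes
    c = encrypt(65, public)
    print("ciphertext:", c, "decrypted:", decrypt(c, private))
    s = sign(123, private)
    print("signature valid:", verify(123, s, public))
    print("key recovered by factoring:", private_from_factoring(public) == private)
```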
Asymmetric encryption limitations
Compared to symmetric encryption, it is an advanced but much slower encryption technique. It might not be suitable for bulk encryption, as computation usually takes more time. Weak keys and passwords will break the system. It reduces the huge risk of sharing keys.
Hashing Functions
This algorithm is applied to a sensitive file or piece of data to yield a value called a checksum. The main use of a cryptographic hash function is to verify the authenticity of a particular file. Two files can be considered identical only if the checksums generated from each, using the same cryptographic hash function, are identical. The widely used hash functions are MD5 and SHA-1. If an attacker attempts to crack a file or a password, he must know exactly which algorithm was used. A few websites have additional security algorithms that convert the generated hash code into an encrypted form. This process is understandable only by the web server, so it provides more security. For instance, when a user registers a password, the cryptographic hash function generates a checksum value, but before storing it in the password database, the server shuffles the checksum. When the same user logs in to the website again, the web server reverses the process.
MD5 algorithm
Ron Rivest developed this algorithm as a strengthened version of the MD4 algorithm. The input can be any string of bytes and the output is a 16-byte field. MD5 was employed in real security frameworks for quite a while, but it is not giving the expected results. The computation consists of four rounds.
Quantum Cryptography
It is a technique that applies quantum mechanical principles to allow safe transmission between the valid sender and receiver. The main principles of Quantum Key Distribution (QKD) are measuring and entanglement.
- Measuring: Quantum theory states that measuring the properties of a particle will influence the particle’s quantum state.
- Entanglement: Entanglement in quantum mechanics refers to particles whose individual states cannot be described without reference to the state of other particles.
Applications of Cryptography
This section aims to explain how cryptography is applied in the most widely used applications. We cannot depend on cryptographic techniques alone for all security problems, but cryptography plays a major role in the overall security of a network.
- Strong Authentication
- The One-time password generator (OTP).
- Challenge response tokens.
- Network Link Encryption
- Virtual Private Network
Authentication is the process that checks whether the user is, in fact, who he declares himself to be. The authorization procedure continues only after authentication is done; it determines the privileges of the authenticated user and permits access. Multi-factor: Every application uses password authentication, but it is less secure. So, if an organization possesses highly confidential information, it should deploy additional security methods such as biometrics and smart cards. When a registered user signs in to the account, his user ID and password are checked against the database that holds the credentials of registered users. If the credentials do not match, authentication fails and he cannot access the network. The smart card method uses cryptography-based authentication. The biometric authentication method uses unique biological features of users such as fingerprints, voice, iris scan, face recognition, etc. It would be beneficial to add some behavioral aspects of the user (“the user can do”), i.e. the ability to type on a keyboard following a specific pattern.
With the help of cryptographic algorithms, a password generator produces session passwords or one-time passwords (OTPs). The OTP expires once the session expires, so an attacker cannot guess the password within that short period of time. The password generator is a hardware device: the user reads the token on the device screen and types it into the specific website.
Every user holds a token that produces a cryptographic key. A challenge-response protocol validates the token, so it is very difficult to break in without obtaining the token. The user is required to type the key into the token. The device produces a reply, which can be typed into the web browser. These tokens are usually used in banking applications.
Network link encryption differs from end-to-end encryption in that it is used to encrypt and decrypt the complete traffic at each and every node. It can be employed between two switches. These encryption techniques are applied at layers one and two. The foremost goal of network link encryption is to provide reliable data transfer where the transmission line is not reliable. It is normally applicable in high-security circumstances, such as the military, but is not well suited to use across the internet. It does not give end-to-end encryption. Therefore, to accomplish end-to-end encryption, different technologies are used, for example TLS and VPN.
VPN (Virtual Private Network) is a technology that widely uses cryptography. There are multiple types of VPN technologies available. Not all of them use cryptography, and not all of them ensure security, but in general a VPN provides connectivity between two peers in a wide network environment. Usually, VPNs are used by end users who want to connect their system securely to an enterprise network or a remote network even though the user is not on a secured local area network. To establish a VPN, identity must first be verified. This is done by mutual authentication, i.e. by sending an X.509 certificate from client to server or by using a pre-shared secret. VPNs use two technologies for successful establishment: the first is IPSec-based VPN and the second is SSL-based VPN. An IPSec-based VPN always needs software to be installed on the client machine to connect the client securely with the server. SSL-based VPNs can be established from a browser using SSL tunnels that are derived from either Java or .NET technology.
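The two paragraphs above on one-time password generators and challenge-response tokens can be made concrete with the following Python example, which is added here and is not part of the original paper. It implements the standard HOTP/TOTP one-time password algorithms (RFC 4226 and RFC 6238) and a simplified challenge-response token; the challenge-response construction, the function names and the demo secret are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import struct

def _truncate(mac, digits):
    """RFC 4226 dynamic truncation: HMAC-SHA1 output -> N decimal digits."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hotp(secret, counter, digits=6):
    """Counter-based one-time password (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)

def totp(secret, unix_time, step=30, digits=6):
    """Time-based OTP (RFC 6238): the counter is the current time window."""
    return hotp(secret, int(unix_time) // step, digits)

def verify_totp(secret, submitted, unix_time, step=30, window=1):
    """Server side: accept the current window and `window` neighbours only."""
    now = int(unix_time) // step
    for counter in range(max(0, now - window), now + window + 1):
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True
    return False

def new_challenge():
    """Server side: fresh random challenge, shown to the user as digits."""
    return f"{secrets.randbelow(10 ** 8):08d}"

def token_response(secret, challenge, digits=8):
    """Token side: keyed reply to the typed-in challenge.
    Simplified construction assumed for this example (not OCRA, RFC 6287)."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha1).digest()
    return _truncate(mac, digits)

def verify_response(secret, challenge, submitted):
    """Server side: recompute the reply from the shared secret and compare."""
    return hmac.compare_digest(token_response(secret, challenge), submitted)

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed demo secret (RFC 4226 test key)
    print("HOTP for counter 0:", hotp(key, 0))
    challenge = new_challenge()
    reply = token_response(key, challenge)
    print("challenge", challenge, "reply", reply,
          "accepted:", verify_response(key, challenge, reply))
```

An expired code fails `verify_totp` because the server only recomputes codes for the time windows next to the current one, and a reply computed for one challenge is useless for the next because the server issues a fresh random challenge each time.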
Cryptography in Wireless Communication
Wireless technology is a convenient invention that can transfer data between devices in a network over radio frequencies without any physical connection. Today, we have a wide range of wireless technologies such as Wi-Fi, Bluetooth, ZigBee, 4G LTE, and more. The serious concerns about wireless communication are data security and end-user privacy. Wireless communication is less secure because confidential information can easily be eavesdropped on, and there may be a higher probability of fraudulent intrusion when the user uses unsecured or poorly secured networks. There is no assurance that no one can intercept our data and modify it, especially on free public Wi-Fi. Wi-Fi is the most widely used standard for wireless technology today. Table 1 Comparison of Different Security Standards. Wi-Fi Protected Access version 2 (WPA2), much like WEP, is considered reliable after several validations. Although WPA2 has more limitations as of now, it is viewed as the most secure wireless security standard available. Compared to WPA, WPA2 has been improved with the use of the Advanced Encryption Standard (AES) for encryption. WPA2 has two modes: personal mode and enterprise mode. Users are urged to use WPA2. WPA2 has more security features, such as endpoint validation, to enhance reliability. “The GSM system is the most widely used cellular technology in use in the world today”.
Cryptography is used both to authenticate subscribers of the system and to give privacy to transmitted information. GSM uses various cryptographic algorithms for security, which are usually identified with an 'A', such as A5/1 or A5/2. The opportunity that wireless communication provides to its customers is also exploited by eavesdroppers.
IPsec
IPSec (Internet Protocol Security) is a protocol suite that provides authentication and encryption using cryptography. It uses multiple cryptographic algorithms for its security, such as SHA1 or SHA2 for integrity and 3DES or AES for encryption and confidentiality. IPSec operates in two modes: transport mode and tunnel mode. Transport mode is used for secure communication between two endpoints. Here only the payload is encrypted; the IP headers, which are needed for routing, are not concealed. Tunnel mode is used for secure communication between two or more groups of nodes. Here both the IP headers and the data payload are encrypted, and the packet is encapsulated with a dedicated tunnel IP for routing purposes. IPSec is widely used in enterprise networks. IPSec is established in two phases. In phase one, it uses the IKE (Internet Key Exchange) protocol to securely establish the session between two nodes, using an asymmetric key algorithm called Diffie-Hellman. In phase two, it uses transport mode or tunnel mode to securely connect the endpoints.
Conclusion and Future Study
As we have seen, it is apparent that cryptography is present all over the place. It plays a quiet but fundamental role in various everyday tasks: when we need to surf the net safely without fear of hackers, withdraw our hard-earned money from an ATM, or email sensitive information to a boss or client. Even so, cryptography is not a weapon that stops all security troubles. It must be used correctly, with a definite goal, to add to the security of a system. Indeed, there are numerous examples of bad uses of cryptography that have led to security disasters. Some of these products do not meet their requirements because of errors in using cryptography. The most crucial message is that users should not depend on security through obscurity. Any product that uses secret algorithms that supposedly beat everything in speed and security ought to be treated with caution. Every organization must recognize the crucial significance of advanced cryptographic techniques. Cryptographic techniques have been a vibrant area of research, as some of the previous algorithms have not provided the expected results in this modern information era. What we need to take away from this paper is that encryption is spread over numerous domains and applications. There is no single solution that gives end-to-end protection at all times. One reason for this complexity is the need to manage keys across various domains. This is a vital area for future research work.