Cryptography Data Science
Introduction
Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.
The prefix "crypt" means "hidden" or "vault" and the suffix "graphy" stands for "writing". It is the art of achieving security by encoding messages to make them unreadable.
Some Applications of Cryptography:
- Digital Signature
- Network Security
- e-payment
- Secure communication
Cryptanalysis
- Cryptanalysis is the study of analysing information systems in order to understand their hidden aspects.
- Breaking "secret codes"
Cryptology
- Cryptology is the study of cryptography and cryptanalysis
- The art and science of making and breaking "secret codes"
Computer Security (CIA)
Confidentiality:
Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Example:
Student grade information is an asset whose confidentiality
is considered to be highly important by students.
Grade information should only be available to students, their
parents, and employees that require the information to do their job. Student
enrollment information may have a moderate confidentiality rating. While still
covered by FERPA, this information is seen by more people on a daily basis, is
less likely to be targeted than grade information, and results in less damage if
disclosed. Directory information, such as lists of students or faculty or
departmental lists, may be assigned a low confidentiality rating or indeed no
rating. This information is typically freely available to the public and published
on a school’s Web site.
Integrity:
Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Example:
Several aspects of integrity are illustrated by the example of a hospital
patient’s allergy information stored in a database. The doctor should be able to trust
that the information is correct and current. Now suppose that an employee (e.g., a
nurse) who is authorized to view and update this information deliberately falsifies
the data to cause harm to the hospital. The database needs to be restored to a
trusted basis quickly, and it should be possible to trace the error back to the person
responsible. Patient allergy information is an example of an asset with a high
requirement for integrity. Inaccurate information could result in serious harm or
death to a patient and expose the hospital to massive liability.
Availability:
Assures that systems work promptly and service is not denied to authorized users.
• Denial of Service Attack
• Virus that deletes files
Example:
The more critical a component or service, the higher is the level of
availability required. Consider a system that provides authentication services for
critical systems, applications, and devices. An interruption of service results in the
inability for customers to access computing resources and staff to access
the resources they need to perform critical tasks. The loss of the service
translates into a large financial loss in lost employee productivity and potential
customer loss.
Authenticity:
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability:
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
Security Architecture
Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
Security attack: Any action that compromises the security of information owned by an organization.
- Passive attack: aims to learn or make use of information from the system but does not affect system resources.
• The release of message contents
• Traffic analysis
- Active attack: attempts to alter system resources or affect their operation.
• Masquerade
• Replay
• Modification of messages
• Denial of service
Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
- Specific Security Mechanism: May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
• Encipherment
• Digital Signature
• Access Control
• Data Integrity
• Authentication Exchange
• Traffic Padding
• Routing Control
• Notarization
- Pervasive Security Mechanism: Mechanisms that are not specific to any particular OSI security service or protocol layer.
• Trusted Functionality
• Security Label
• Event Detection
• Security Audit Trail
• Security Recovery
Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
- X.800: "a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers"
- RFC 2828: "a processing or communication service provided by a system to give a specific kind of protection to system resources"
Classical Encryption Techniques
Symmetric Cipher Model
- Cryptography
- Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
- Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
- Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
- Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
- Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.
- Cryptanalysis:
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
- Brute-Force Attack:
The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
Substitution Techniques
- Caesar Cipher: The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet.
- Monoalphabetic Ciphers
- Playfair Cipher: The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a keyword.
- Hill Cipher
- Polyalphabetic Ciphers
- One-Time Pad
Transposition Techniques
Rotor Machines
Steganography
Caesar Cipher
plain:  meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the transformation by listing all possibilities, as follows:
plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
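The Caesar transformation above and the brute-force attack described under the symmetric cipher model, as an added Python example that is not part of the original notes. The `COMMON_WORDS` list is a constructed stand-in for recognising "intelligible" plaintext.

```python
import string

ALPHABET = string.ascii_lowercase

def caesar_encrypt(plaintext, key=3):
    """Replace each letter with the one `key` places further down, wrapping Z to A."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26].upper())
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def caesar_decrypt(ciphertext, key=3):
    """Shift each letter `key` places back up the alphabet."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)
    return "".join(out)

# Constructed sample: a tiny word list used to score candidate plaintexts.
COMMON_WORDS = {"the", "me", "after", "and", "to", "of", "meet", "party"}

def brute_force(ciphertext):
    """Try all 25 possible keys and return (key, plaintext) for the candidate
    containing the most recognised words."""
    candidates = []
    for key in range(1, 26):
        guess = caesar_decrypt(ciphertext, key)
        score = sum(word in COMMON_WORDS for word in guess.split())
        candidates.append((score, key, guess))
    score, key, guess = max(candidates)
    return key, guess

if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party")
    print(ct)
    print(brute_force(ct))
```

With only 25 usable keys, the search finishes immediately, which is why the Caesar cipher offers no protection against brute force.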
Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a keyword. Here is an example, solved by Lord Peter Wimsey in Dorothy Sayers’s Have His Carcase:
This cipher was actually invented by British scientist Sir Charles Wheatstone in 1854, but it bears the name of his friend Baron Playfair of St. Andrews, who championed the cipher at the British foreign office. The book provides an absorbing account of a probable-word attack.
M  O  N  A    R
C  H  Y  B    D
E  F  G  I/J  K
L  P  Q  S    T
U  V  W  X    Z
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes).
The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing, whereas there are only 26 letters, there are 26 × 26 = 676 digrams