The document provides information about the members of a group - Abdullah Rashid Baig, Adnan Haider, Muhammad Zakria, and Muhammad Zeeshan Khan. It then provides definitions and explanations of cryptography, cryptographic algorithms, encryption, decryption, plaintext, ciphertext, keys, secret key cryptography, public key cryptography, hashing, digital signatures, and security goals like confidentiality, authentication, integrity, availability, non-repudiation, and access control. It also discusses potential attacks on cryptography like viruses, traffic analysis, electromagnetic detection, and dictionary attacks.
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Cryptography
1.
2. GROUP MEMBERS
• Abdullah Rashid Baig 10-Arid-270
• Adnan Haider 11-Arid-803
• Muhammad Zakria 11-Arid-829
• Muhammad Zeeshan Khan 11-Arid-843
3.
4. It is derived from the Greek words „kruptos‟ means “secret” and
„graphia‟ means “writing”.
So cryptography means “secret writing”.
Cryptography is the science of using mathematics to encrypt and
decrypt data. Cryptography enables you to store sensitive
information or transmit it across insecure networks (like the
Internet) so that it cannot be read by anyone except the intended
recipient. It is the science of analyzing and breaking secure
communication.
5. Cryptography has long history. Actually dating back to the time of
Julius Caesar. When Julius Caesar sent messages to his
generals, he didn't trust his messengers.
So he replaced every A in his messages with a D, every B with an
E, and so on through the alphabet. Only someone who knew the
“shift by 3” rule could decipher his messages.
6. A cryptographic algorithm, or cipher, is a mathematical function
used in the encryption and decryption process. A cryptographic
algorithm works in combination with a key, a word, number, or
phrase to encrypt the plaintext. The same plaintext encrypts to
different cipher text with different keys. The security of encrypted
data is entirely dependent on two things: the strength of the
cryptographic algorithm and the secrecy of the key. A cryptographic
algorithm, plus all possible keys and all the protocols that make it
work comprise a cryptosystem. Cryptosystem is a system comprised
of cryptographic algorithms, all possible plain text, cipher text, and
keys. PGP is a cryptosystem.
7. PGP is an application and protocol for secure e-mail and file
encryption developed by Phil R. Zimmermann. Originally
published as Freeware, the source code has always been
available for public scrutiny. PGP uses a variety of
algorithms, like IDEA, RSA, DSA, MD5, SHA-1 for providing
encryption, authentication, message integrity, and key
management.
8. Data that can be read and understood without any special measures
is called plaintext or clear text. The method of disguising plaintext
in such a way as to hide its substance is called encryption.
Encrypting plaintext results in unreadable text called cipher text.
9. The process of decoding data that has been encrypted into a
secret format. Decryption requires a secret key or password.
It is the reverse process of encryption. The process of reverting
cipher text to its original plaintext is called decryption.
10.
11. Unscrambled information to be transmitted. It could be a simple
text document, a credit card number, a password, a bank account
number or sensitive information such as payroll data, personnel
information, or a secret formula being transmitted between
organizations.
12. The result of strong cryptography is cipher text that is very
difficult to decipher without possession of the appropriate decoding
tool. The result of manipulating characters or bits via substitution
transposition, or both.
13. • Substitution Cipher
A substitution cipher substitutes one piece of information for another.
This is most frequently done by offsetting letters of the alphabet.
• Transposition Cipher
It is a method of encryption by which the positions held by units
of plaintext (which are commonly characters or groups of characters)
are shifted according to a regular system, so that the cipher text
constitutes a permutation of the plaintext. That is, the order of the
units is changed. Mathematically a bijective function is used on the
characters' positions to encrypt and an inverse function to decrypt.
14. • block Cipher
Block ciphers encrypt the information by breaking down into
blocks. The blocks are of fixed size commonly of 64 bits.
• Stream Cipher
Stream ciphers encrypt the bits of information one at a time. These
are faster and smaller to implement than Block Ciphers. Stream
ciphers operate on 1-bit of data at a time. If the same key stream is
used, attacks may cause the information to be revealed.
15. • Steganography
Steganography is the art and science of writing hidden messages in
such a way that no one, apart from the sender and intended
recipient, suspects the existence of the message, a form of security
through obscurity. The word steganography is of Greek origin and
means "concealed writing" from the Greek
words steganos meaning "covered or
protected", and graphia meaning "writing".
16. A mathematical value, formula or process that determine how a
plaintext message is encrypted or decrypted. The key is the only
way to decipher the scrambled information.
Two Types of Keys
• Secret Key Cryptography (SKC).
• Public Key Cryptography (PKC).
17. In secret key cryptography, a single key is used for both
encryption and decryption.
Secret key cryptography schemes are generally categorized as
being either stream ciphers or block ciphers. Secret key is also
called symmetric encryption.
18.
19. Public key cryptography is an asymmetric scheme that uses a pair
of keys for encryption: a public key, which encrypts data, and a
corresponding private, or secret key for decryption. You publish
your public key to the world while keeping your private key
secret. Anyone with a copy of your public key can then encrypt
information that only you can read. Even people you have never
met. The publicly available component of an integrated
asymmetric key pair often referred to as the encryption key.
20.
21.
22. A hash function takes variable-length input in this case, a message
of any length, even thousands or millions of bits and produces a
fixed-length output; say, 160-bits. The hash function ensures that, if
the information is changed in any way—even by just one bit—an
entirely different output value is produced. A function that produces
a message digest that cannot be reversed to produced the original.
23.
24. Advantages
• The biggest advantage of public key cryptography is the secure
nature of the private key. In fact it never needs to be transmitted
or revealed to anyone.
• Another type of benefit of public key cryptography is that is
provides a method for employing digital signatures.
• It enables the use of digital certificates and digital
timestamps, which is a very secure technique of authorization
.We will look at digital timestamps and digital signatures in a
moment.
25. disAdvantages
• Transmission time for documents encrypted public key
cryptography are significantly larger than symmetric
cryptography. In fact transmission of very large documents is
prohibitive.
• The key sizes must be significantly larger than symmetric
cryptography to achieve the same level of protection.
• Public key cryptography is susceptible to impersonation
attacks.
26. • Confidentiality (secrecy)
Only the sender and intended receiver should be able to understand
the contents of the transmitted message.
• Authentication
Both the sender and receiver need to confirm the identity of other
party involved in the communication
• Data integrity
The content of their communication is not altered, either maliciously
or by accident, in transmission.
27. Digital signatures enable the recipient of information to verify the
authenticity of the information’s origin, and also verify that the
information is intact. A digital signature also provides non-
repudiation, which means that it prevents the sender from claiming
that he or she did not actually send the information. These features
are every bit as fundamental to cryptography as privacy, if not more.
A digital signature serves the same purpose as a handwritten
signature. However, a handwritten signature is easy to counterfeit. A
digital signature is superior to a handwritten signature in that it is
nearly impossible to counterfeit, plus it attests to the contents of the
information as well as to the identity of the signer.
28. • Availability
Timely accessibility of data to authorized entities.
• Non-repudiation
An entity is prevented from denying its previous commitments or actions.
• Access control
An entity cannot access any entity that it is not authorized to
• Anonymity
The identity of an entity if protected from others.
29. What is a passphrase?
A passphrase is a longer version of a password, and in theory, a
more secure one. Typically composed of multiple words, a
passphrase is more secure against standard dictionary
attacks, wherein the attacker tries all the words in the dictionary in
an attempt to determine your password. The best passphrases are
relatively long and complex and contain a combination of upper
and lowercase letters, numeric and punctuation characters.
Your private key is totally and absolutely useless without your
passphrase.
30. Viruses and Trojan horses
Attack could involve a specially tailored hostile computer virus or
worm that might infect PGP or your operating system. This
hypothetical virus could be designed to capture your passphrase or
private key or deciphered messages and to covertly write the
captured information to a file or send it through a network to the
virus’s owner.
31. Even if the attacker cannot read the contents of your encrypted
messages, he may be able to infer at least some useful information
by observing where the messages come from and where they are
going, the size of the messages, and the time of day the messages
are sent.
This is analogous to the attacker looking at your long-distance
phone bill to see who you called and when and for how long, even
though the actual content of your calls is unknown to the attacker.
This is called traffic analysis.
32. A kind of attack that has been used by well-equipped opponents
involves the remote detection of the electromagnetic signals from
your computer.
A calculated brute force attack to reveal a password by trying
obvious and logical combinations of words.