An Analytical Study On Encryption And Privacy

ABSTRACT#

Security plays an indispensable role in internet and networking applications. Nowadays, internet and network applications are emerging very rapidly. Today, the significance and the worth of transmitting or exchanging information over the internet or other communication media is growing. Information security plays a very crucial role in data transfer. The best way to secure our information is cryptography.

Cryptography plays an important role in computer security: it translates information from its original form into an incomprehensible or unreadable form by using encryption and decryption techniques. Cryptography ensures that information is transmitted without any modification and that only the authorized person is able to uncover and read the protected information. A large number of cryptographic techniques are emerging to obtain secure communication.

This paper mainly focuses on the different kinds of encryption techniques, attacks on encryption, and privacy. The keywords are: cryptography, cipher, encryption, decryption, attacks, symmetric, asymmetric, Privacy, Privacy Policy

INTRODUCTION#

Encryption is the process of making files or data unreadable so that only authorized parties can understand them. It is one of the oldest and most important fields of study man has ever undertaken. From prehistoric times to the 21st century, it has been important to prevent the leakage of data to unwanted parties. Historical inscriptions provide evidence that encryption was practiced in, and originated from, Egypt, whose people wished to preserve the secrets of their religious rituals from other cultures. For secret communication between military generals, the ancient Greeks and Spartans devised a cipher device called the Scytale, consisting of a thin rod wrapped with a piece of paper inscribed with the message.

Later, encrypted texts were often created by simply substituting one letter for another in the text, which was known as a substitution cipher. This method was widely used by Julius Caesar to communicate with his military troops. During the World War, devices like cipher disks, Enigma, and trench codes were widely used among European nations. With that brief introduction to the origin of encryption, let's learn more about it. Encryption uses a particular procedure to jumble the data and then requires a key for the receiving party to decode the information. This process requires the use of a cryptographic key: a string of characters that is used for altering data to make it random and difficult to understand.

In cryptography, a cipher is a well-defined process used to convert normal text into encrypted form and vice versa. When using a cipher, the ordinary text is known as plaintext and its corresponding encrypted form is known as ciphertext. Ciphers like the Scytale, the substitution cipher, and many more became relatively easy to understand and decipher, partly due to the introduction of computers, which are capable of solving more complex calculations in a shorter amount of time. Thus came various modern cipher techniques like stream ciphers, block ciphers, hybrid ciphers, and many more, which have strengthened the confidentiality of information against malicious attacks. Depending upon the type of key used, encryption can be classified as symmetric or asymmetric. In symmetric encryption both sender and receiver agree upon a shared key that is used to encrypt the message, whereas in asymmetric encryption two different keys are used.

1. ENCRYPTIONS#

Cryptography is the art of converting readable text (plain text) into unreadable cipher text that ensures data privacy. It’s about data security, data encryption, data authentication and access control. Basically there are two types of cryptography - Symmetric Key cryptography and Asymmetric Key cryptography.

1.1 SYMMETRIC ENCRYPTIONS#

The modern cryptographic system is classified into 3 categories namely Block cipher, Stream cipher and Hybrid cipher.

1.1.1 BLOCK CIPHER#

Block ciphers are algorithms that encrypt a block of plaintext into a block of ciphertext of the same size. The same key is used to encipher the whole block. Some important algorithms of this category are discussed below.

A. DES(Data Encryption Standard)#

IBM developed the DES algorithm in 1997, and it operates on a 64-bit block size. The encryption process is split into 16 stages and uses eight S-boxes. It shuffles the bits first, then moves on to non-linear substitution, and finally performs an XOR operation to get the output. The sub key of a particular round is merged with the result using an XOR operation. Decryption uses the sub keys in reverse order.

Benefits of DES:

  • It uses a 56-bit key, so there are 2^56 possible keys, and finding the correct key with a brute-force attack would take a decade.
  • Encryption and decryption use the same algorithm.
  • This is very convenient for software and hardware requirements.
  • Cryptanalysts are free to perform cryptanalysis in order to exploit the DES algorithm. However, they have found it extremely hard to find any major weakness.
  • DES has the desirable properties of confusion and diffusion.
  • Due to its Feistel structure and uncomplicated logic, DES is relatively easy to implement.
  • Each bit of ciphertext depends on multiple bits of the key, and changing a single bit of plaintext changes, on average, half of the bits of ciphertext.

Drawbacks of DES:

  • Splitting the key into two halves and swapping them may produce the same result if the halves consist of continuous 1’s and 0’s. This ends up using the same key throughout the 16 cycles.
  • The S-boxes can give the same output for different inputs on permutation. These are called semi-weak keys.
  • If a message is encrypted with a particular key, the 1’s complement of that ciphertext is the same as the encryption of the complemented message under the complemented key.
  • The purpose of the initial and final permutations is not exactly clear and seems confusing.
  • Now, in the age of parallel computing, breaking DES by brute force has become easy, which was impossible at the time of its design.
  • DES fails against linear cryptanalysis, because this attack had not been invented when DES was designed.

B. AES(Advanced Encryption Standard)#

The National Institute of Standards and Technology (NIST) started AES in January 1997. AES is more powerful than the DES algorithm, and for both encryption and decryption it has a minimum block size of 128 bits. In this encryption process, bytes are substituted first, then rows are shifted, then columns are mixed, and lastly the round keys are added. It can be used to secure both sensitive and uncategorised materials (fig 1).

Benefits of AES:

  • This security algorithm may be implemented in both hardware and software
  • It is resilient against hacking attempts
  • It is an open source solution, so it remains highly accessible for both private and public sectors
  • AES is the most commonly used security protocol today, used for everything from encrypted data to wireless communications
  • It is essential for the government computer security, cyber security and electronic data protection
  • AES brings additional security because it uses a key expansion process in which the initial key is used to come up with a series of new keys called round keys
  • AES data encryption is a more mathematically efficient and elegant cryptographic algorithm

Drawbacks of AES:

  • AES has a very simple key schedule and simple encryption operations
  • Every block is always encrypted in the same way
  • Hard to implement with software
  • AES in counter mode is complex to implement in software taking both performance and security into considerations.
  • Many AES attacks are based upon the simplicity of this key schedule and it is possible that one day an attack will be created to break AES encryption.

C. Blowfish#

It is a 64-bit block cipher with a changeable key length which ranges from 32 to 448 bits. It was designed by Bruce Schneier as a practical alternative to the DES algorithm for speedy encryption on 32-bit processors. Blowfish is a Feistel cipher comprising 16 rounds and is fit for handling huge amounts of data. During each round of processing, a large number of subkeys are used. It consists of a P-array of 18 subkeys, each having 32 bits, and 4 S-boxes of 256 entries. It is a well-structured algorithm but is vulnerable to chosen and differential plaintext attacks. During encryption with Blowfish, the input data block is broken into two halves of 32 bits each, L0 and R0. It has a wide range of applications where the key is not frequently changed.

D. RC4(Rivest Cipher 4)#

Ronald Rivest developed the RC4 algorithm. It requires consecutive swapping of state entries, based on a key sequence. The length of the key is changeable, ranging from 1 to 256 bytes. Pseudo-random bytes are generated in this process to form the keystream, which is XORed with the plaintext to produce the ciphertext. This algorithm is ten times faster than the DES algorithm.

E. 3DES (Triple Data Encryption Standard)#

3DES is an evolved form of the DES algorithm. It is highly dependable and has a key length of 192 bits. In the first stage the key is divided into three sub keys of 64 bits, and the rest of the procedure is the same as the DES algorithm except that the process is repeated three times. The data encrypted by the first key is decrypted by the second key, and then the third key encrypts the decrypted data. But it does not have the potential to secure data for a longer period of time.

1.1.2 STREAM CIPHER#

Stream ciphers are classified as symmetric key ciphers. Each digit of the plaintext is combined with a pseudorandom keystream. The digits of the plaintext are encrypted individually, one at a time, with the corresponding digit of the keystream.

A. Grain Cipher#

Grain Cipher was designed by Thomas Johansson, Martin Hell and Willi Meier. It was designed so that the chip area needed is reduced and the hardware implementation is easy. An NFSR and an LFSR of 80 bits each are the two main constituents of Grain Cipher. The LFSR is used to secure the cipher cryptographically by providing proper balance. The NFSR, on the other hand, adds nonlinearity to Grain Cipher.

The NFSR input is masked with the LFSR output in order to create a balanced state of the NFSR. The key and the initial vector are 80 bits in size. f(x) and g(x) are the feedback polynomial functions for the LFSR and NFSR respectively, and h(x) is the non-linear filter function. The filter function uses specific bits from both feedback registers as inputs. After that, 7 bits are added to h(x) from the NFSR, which then becomes an irrelevant feedback to both LFSR and NFSR. This value is also used as the keystream sequence.

1.2 ASYMMETRIC ENCRYPTIONS#

Public key cryptography, unlike its symmetric counterpart, uses two keys (public and private). One key is used for encryption and the other for decryption. These keys are generally generated using algorithms based on mathematical one-way functions.

Asymmetric encryption schemes have 3 algorithms: Generator (G), Encryptor (E) and Decryptor (D). G() is used to generate a pair of keys (pub, priv). E(pub, m) and D(priv, ct) are used to encrypt and decrypt respectively. The public key can be shared with anyone, as it can only be used to encrypt messages. Likewise, only the person with the private key can decrypt the message. Unlike symmetric ciphers, asymmetric ciphers are classified on the basis of the algorithm used, such as RSA, ECC, Diffie–Hellman, ElGamal, etc.

A. RSA#

Rivest Shamir Adleman is the most commonly used Public Key encryption system out there. The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.

This algorithm can make a pair of keys. The key generation is as follows:

  • Choose two prime numbers p and q.
  • Calculate n=p·q
  • Calculate the value of Euler’s totient for n: φ(n) = φ(p)·φ(q) = (p − 1)·(q − 1)
  • Choose a number e such that e is coprime with φ(n) and 1 < e < φ(n).
  • Calculate d such that d·e ≡ 1 (mod φ(n)). (n, e) is the public key and (d, n) is the private key.

The encryption process is pretty straightforward: ciphertext c = m^e (mod n). The decryption process is similar: plaintext pt = c^d (mod n). The RSA system’s security relies on the fact that if you take 2 huge prime numbers and multiply them, the result is nearly impossible to factorize to get back those primes. Unless the person uses a small exponent value such as e=3, it is difficult to break this cryptosystem if the modulus is strong.

RSA can also be used to sign and authenticate messages. The sender computes the hash h of the message and raises it to the power d modulo n: sig = h^d (mod n). The receiver raises sig to the power e modulo n and checks whether the result matches the hash of the message: H = sig^e (mod n).
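The key generation, encryption and signing steps above, carried through as an added example (not code from the original post). The primes 61/53 and 11/17, the sample messages and the helper names are constructed for illustration, and the digest is reduced mod n only so it fits the toy modulus.

```python
import hashlib
from math import gcd


def is_prime(n):
    """Trial division; adequate only for the toy primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(p, q, e):
    """n = p*q, phi(n) = (p-1)(q-1), d*e = 1 (mod phi(n))."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (d, n)


def encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # c = m^e mod n


def decrypt(private_key, c):
    d, n = private_key
    return pow(c, d, n)  # pt = c^d mod n


def toy_hash(message, n):
    """SHA-256 reduced mod n (assumption for the toy modulus; deployed
    signatures use a padding scheme such as RSA-PSS instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    d, n = private_key
    return pow(toy_hash(message, n), d, n)  # sig = h^d mod n


def verify(public_key, message, sig):
    n, e = public_key
    return pow(sig, e, n) == toy_hash(message, n)  # does sig^e mod n equal h?


def wraps_modulus(public_key, m):
    """False means m^e < n: the ciphertext is the plain integer power of m,
    so an ordinary e-th root gives m back without the private key. This is
    why a small exponent such as e=3 is unsafe without padding."""
    n, e = public_key
    return m ** e >= n


if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53, 17)   # constructed toy parameters
    c = encrypt(pub, 65)
    print("public", pub, "private", priv, "c =", c, "pt =", decrypt(priv, c))
    sig = sign(priv, b"pay 10 to bob")         # constructed sample message
    print("signature valid:", verify(pub, b"pay 10 to bob", sig))
    weak_pub, _ = generate_keypair(11, 17, 3)  # small exponent, toy modulus
    print("m=5 wraps n:", wraps_modulus(weak_pub, 5), "c =", encrypt(weak_pub, 5))
```

Real keys use primes of 1024 bits or more each and a padding scheme, so the unreduced case flagged by `wraps_modulus` cannot occur for padded messages.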

B. DIFFIE-HELLMAN#

Diffie-Hellman is a protocol used to generate a shared private key for two users and exchange information over an insecure channel. It is one of the most popular key-agreement algorithms. It is the base of many protocols, including SSL/TLS. The American cryptographers Whitfield Diffie and Martin Hellman published this algorithm in 1976. However, it was later revealed that the protocol had been discovered even earlier by the British intelligence agency (James H. Ellis, Clifford Cocks, and Malcolm J. Williamson) but remained undisclosed.

For key generation, let’s consider two people, Alice and Bob, who want to generate their key.

  • First Alice and Bob pick a common prime number p and a generating element g. (It is advised to choose p such that (p-1)/2 is also a prime)
  • Now Alice chooses a large random number ‘a’ which is her private key. Similarly Bob chooses a private key ‘b’.
  • Now Alice computes A = g^a mod p and sends it to Bob. Likewise Bob computes B = g^b mod p.
  • Alice sends A to Bob and Bob sends B to Alice.
  • Alice and Bob calculate k: k = B^a mod p, and also k = A^b mod p.
  • Now Alice and Bob both have the secret number k.
  • In practice we find the hash of this k and use it as key for symmetric ciphers like AES.

This is one of the most secure protocols out there if the initial numbers are chosen properly, as the attacker would have to solve the discrete log problem, for which there is no known efficient method. That makes this protocol as strong as RSA, since solving the discrete log is as hard as factorizing the modulus in the case of RSA.

Like RSA, we can use the Diffie-Hellman protocol to encrypt messages using public and private keys. Suppose Bob wants to send a message to Alice. He can encrypt it with Alice’s public key, i.e., g, p, g^a mod p. Bob chooses a number b and sends g^b mod p to Alice. Then he sends the message encrypted with the symmetric key (g^a)^b mod p. Only Alice can get the value of b and decrypt the message. But DH is rarely used for this purpose.
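The exchange described above, with both sides' messages and the checks a receiver should make, as an added example (not code from the original post). The safe prime p = 23, the generator g = 2 of the order-11 subgroup, the fixed private keys and the `Party` class are assumptions chosen so the values can be checked by hand; real deployments use standardized groups of 2048 bits or more.

```python
import hashlib
import secrets


def is_prime(n):
    """Trial division; adequate only for the toy modulus used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def is_safe_prime(p):
    """The page's advice: (p-1)/2 should also be prime."""
    return is_prime(p) and is_prime((p - 1) // 2)


def validate_public(y, p):
    """Reject peer values that would force a predictable shared secret:
    0, 1 and p-1, or anything outside the subgroup of order q = (p-1)/2."""
    q = (p - 1) // 2
    if not 2 <= y <= p - 2 or pow(y, q, p) != 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return y


class Party:
    def __init__(self, p, g, private=None):
        if not is_safe_prime(p):
            raise ValueError("p must be a safe prime")
        validate_public(g, p)  # g must generate the order-q subgroup
        self.p, self.g = p, g
        q = (p - 1) // 2
        # Private exponent in [2, q-1]; random unless fixed for the demo.
        self._private = private if private is not None else 2 + secrets.randbelow(q - 2)
        self.public = pow(g, self._private, p)  # A = g^a mod p

    def shared_secret(self, peer_public):
        validate_public(peer_public, self.p)
        return pow(peer_public, self._private, self.p)  # k = B^a mod p

    def session_key(self, peer_public):
        """Hash k and use the digest as the symmetric key, as the page suggests."""
        k = self.shared_secret(peer_public)
        size = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(k.to_bytes(size, "big")).digest()


if __name__ == "__main__":
    alice = Party(23, 2, private=6)   # constructed toy values
    bob = Party(23, 2, private=9)
    print("Alice -> Bob: A =", alice.public)
    print("Bob -> Alice: B =", bob.public)
    print("Alice k =", alice.shared_secret(bob.public),
          "Bob k =", bob.shared_secret(alice.public))
    print("same AES key:", alice.session_key(bob.public) == bob.session_key(alice.public))
```

The exchange by itself does not authenticate either side, which is why the public values must also be signed or otherwise bound to an identity to resist the man-in-the-middle attack described later on this page.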

C. ELLIPTIC-CURVE CRYPTOGRAPHY#

ECC or Elliptic-curve cryptography was proposed in 1985 by Neal Koblitz and Victor Miller. Elliptic curves have some peculiar characteristics which make them so useful.

  • The curve is non-singular(smooth)
  • A line between two points will always intersect at a third point.

This allows us to find a point on the curve, starting from another point, that has no apparent relation to the starting point, which makes it very difficult to reverse the path.

For generation of keys, we first choose a point P on the curve, then we use the curve’s projective property and draw a line which is tangent to the starting point P, then find where it intersects the curve at a second point Pʹ. Afterwards, flip the axis and draw a line from that new point (2•P) through the starting point P and find the new intersection point Pʹʹ. Then flip the axis again and draw a line from that new point (3•P) through the starting point and find the new point of intersection Pʹʹʹ, and so on (this mathematical operation is called point multiplication). We can repeat this process as many times as we want and get a point Q on the curve which has no relation to the original point P and can be defined as Q = n•P, where n is the number of iterations.

The security lies in the fact that if we know starting point P and ending Point Q, we cannot calculate n. It turns out there is no known algorithm to find n. Basically you have to just keep adding P to itself and count how many times you have to do it in order to get to Q. This is easy for small n but for huge values of n, this becomes impossible. If the selection is truly random, it will take more time than the life of this universe to find any collision if you can try more than 250 billion billion possibilities a second (five times the peak of the bitcoin network) and you will need more energy than the energy required to evaporate the entire water on earth.

Because of this ECC is used by Bitcoin, Ethereum and many others. They use y² = x³+7 curve known as secp256k1 curve.
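Point multiplication and the "keep adding P and count" search described above, as an added example (not code from the original post). It uses the same equation y² = x³ + 7 but over the 17-element field with base point (15, 13); the field size, the base point and the function names are assumptions chosen so every step can be checked by hand.

```python
P_FIELD = 17   # toy field size (secp256k1 uses a 256-bit prime instead)
B = 7          # curve: y^2 = x^3 + 7 over the integers mod P_FIELD
G = (15, 13)   # constructed base point; it generates all 18 points
INFINITY = None  # the identity element ("point at infinity")


def on_curve(point):
    if point is INFINITY:
        return True
    x, y = point
    return (y * y - (x * x * x + B)) % P_FIELD == 0


def point_add(p1, p2):
    """Chord-and-tangent addition, done with modular arithmetic."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return INFINITY  # vertical line: P + (-P)
    if p1 == p2:
        # Tangent slope 3x^2 / 2y (the curve has no x term, so a = 0).
        slope = 3 * x1 * x1 * pow((2 * y1) % P_FIELD, -1, P_FIELD)
    else:
        # Chord slope (y2 - y1) / (x2 - x1).
        slope = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    slope %= P_FIELD
    x3 = (slope * slope - x1 - x2) % P_FIELD
    y3 = (slope * (x1 - x3) - y1) % P_FIELD  # the "flip" across the x axis
    return (x3, y3)


def scalar_mult(n, point):
    """Q = n*P by double-and-add: about log2(n) steps instead of n."""
    if n < 0:
        raise ValueError("n must be non-negative")
    result, addend = INFINITY, point
    while n:
        if n & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        n >>= 1
    return result


def count_additions(point, target, limit=1000):
    """The only generic way back from Q to n: add P repeatedly and count.
    Feasible here because the group has 18 elements, not about 2^256."""
    current, n = point, 1
    while current is not INFINITY and n <= limit:
        if current == target:
            return n
        current = point_add(current, point)
        n += 1
    return None


if __name__ == "__main__":
    q = scalar_mult(7, G)
    print("Q = 7*G =", q, "on curve:", on_curve(q))
    print("n recovered by counting:", count_additions(G, q))
    print("18*G is the identity:", scalar_mult(18, G) is INFINITY)
```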

1.3 HYBRID CIPHER#

A hybrid cipher integrates both symmetric and asymmetric ciphers. It uses the public key cipher to share a key for the symmetric cipher. One ultra-lightweight cryptographic hybrid cipher which shows the characteristics of both block ciphers and stream ciphers is Hummingbird. This hybrid structure makes it the most suitable for resource-constrained devices.
As mentioned above, it does two jobs at the same time. In the first part, it takes the benefit of having the properties of both symmetric and asymmetric techniques using the ECC and AES algorithms. In part two, it uses XOR-Dual RSA, as it is more robust and cannot be easily attacked. For data integrity, MD5 hashing is used to make sure that the original data or text is not changed while communicating.

2 CRYPTOGRAPHIC ATTACKS#

The basic intention of an attacker is to break a cryptosystem and to find the plaintext from the ciphertext by cracking down the ‘key’. To obtain the plaintext the attacker only needs to find out the secret decryption key, as the algorithm is already in public domain. Once the attacker is able to determine the key, the attacked system is considered as broken.

A. Bruteforce attacks#

In a brute-force attack, the hacker tries every possible character combination to find the ‘key’ to decrypt an encrypted message. Brute-force attacks may take a small amount of time for shorter keys, but they take an immeasurable amount of time for longer keys. Therefore this approach is not preferred against modern encrypted systems.

B. Cipher-only attack#

In the ‘cipher-only’ attack the attacker knows the cipher-text of various messages which have been encrypted using the same encryption algorithm. The attacker tries to figure out the ‘key’ which can then be used to decrypt all messages.

C. Known-plaintext attack#

In the ‘known-plaintext’ attack, the attacker knows some of the plain-text and the cipher-text. He then has to figure the ‘key’ by reverse engineering and he can decipher other messages which use the same ‘key’ and algorithm. It was popular for breaking ciphers used during the Second World War.

D. Chosen plaintext attack#

The ‘chosen-plaintext’ attack is similar to the ‘known-plaintext’ attack, but here the attacker experiments by choosing his own plaintext (say, a word such as ‘cryptography’) for a ‘Vigenère cipher’, and with the generated ciphertext he can figure out the ‘key’. Once he figures out the ‘key’ he can learn more about the whole encryption process and understand how the ‘key’ is being used. With this knowledge, the information can be stolen.

E. Chosen ciphertext attack#

In the ‘chosen ciphertext’ attack, the attacker chooses a portion of the decrypted ciphertext. He then compares the decrypted ciphertext with the plaintext and figures out the key.

F. Differential cryptanalysis#

This was a popular type of attack against block algorithms such as DES in 1990. The primary aim of this attack, as with other attacks, is finding the ‘key’. The attacker follows several messages of plaintext into their transformed ciphertext. He observes the changes from plaintext to ciphertext and deduces the key. This is a type of ‘chosen-plaintext’ attack, since the attacker chooses the plaintext to observe the transformation.

G. Linear cryptanalysis#

In this attack the attacker carries out a “known-plaintext” attack against several messages which have been encrypted with the same key. This gives the attacker information to estimate the probability of a particular key. If more messages are attacked, there is a higher possibility of finding the particular “key”.

H. Replay attacks#

In a ‘replay attack’, the attacker captures some authentic information by sniffing or any other mode and re-submits it back to the receiver. This dupes the receiver and they give the attacker unauthorized access.

I. Man in Middle Attack (MIM)#

The targets of this attack are mostly public key cryptosystems where a key is exchanged before communication takes place. A hacker intercepts the key being exchanged by acting as a middle man, and the data is stolen.

  • Host A wants to communicate to host B, hence requests public key of B.
  • An attacker intercepts this request and sends his public key instead.
  • Thus, whatever host A sends to host B, the attacker is able to read.
  • In order to maintain communication, the attacker re-encrypts the data after reading with his public key and sends to B.
  • The attacker sends his public key as A’s public key so that B takes it as if it is taking it from A.

J. Dictionary Attack#

This attack has many variants, and all of them involve compiling a ‘dictionary’. In the simplest form of this attack, the attacker builds a dictionary of ciphertexts and corresponding plaintexts that he has learnt over time, and when the attacker gets a ciphertext, he refers to the dictionary to find the corresponding plaintext.

3. PRIVACY#

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

THE WAYS TO PROTECT PRIVACY#

There are the following basic ways to protect privacy :

  • Technology
  • Law
  • Markets
  • Your choices as an individual

Technology - By creating spam filters and asymmetric key cryptography.

Law - The CAN-SPAM Act: it is illegal to send commercial email with false headers, and we can unsubscribe from the sender.

Markets - You choose an email provider that does a good job of reducing spam.

Your choice - You decide not to open that email with the unpleasant header.

TYPE OF PRIVACY HARM#

The 4 major categories of privacy harm are:

  • intrusions

  • information collection

  • information processing

  • information dissemination

1) INTRUSIONS#

Here they come into your space and contact you or tell you what to do.

Examples

  • unwanted email(spam)
  • unwanted phone calls etc.

2) INFORMATION COLLECTION#

They watch what you are doing, more than they should: surveillance and interrogation. Example of protections: with a warrant, the government can wiretap or search your house. Having to get a warrant is a protection, though, against too much information collection.

3) INFORMATION PROCESSING#

They have a lot of data and do things with it

  • permission

  • Identification: they learn about your anonymous action

  • Data mining: they learn patterns, to decide if you are a good customer or a suspected terrorist

  • Exclusion : they decide you are not a good potential employee or customer

4) INFORMATION DISSEMINATION#

They disclose data, perhaps more than we think they should

  • Breach of confidentiality: a doctor or lawyer discloses more than you wish
  • Transfer to third party: a company or government shares data about you with persons you don’t expect
  • Public disclosure of private facts: an intimate photo of you or disclosure of intimate facts
  • Disclosure of untrue facts: you can be put in a false light
  • Appropriation: they use for name or picture without your

FAIR INFORMATION PRACTICES#

On general analysis, we find that five fair information principles have been developed to protect against these sorts of privacy concerns. The five principles are:

  • Notice /awareness
  • choice/consent
  • access/participation
  • integrity/security
  • enforcements/redress

1) NOTICE/AWARENESS#

Individuals need notice to make an informed choice about whether to provide information:

  • Who is collecting the data
  • Uses for which the data will be used
  • Who will receive the data
  • The nature of the data and the means by which it is collected if not obvious
  • The steps taking to preserve confidentiality, integrity and quality of the data

2) CHOICE#

  • Choice may apply to secondary uses: uses beyond the original reason you provided your data
  • Sometimes the choice is opt-in: they won’t share your data unless you say you want them to
  • HIPAA medical privacy rule: don’t share
  • Sometimes the choice is opt-out: they can share your data or contact you, but you can tell them not to

3) ACCESS/PARTICIPATION#

Individuals in some instances can access the data held about them and correct any inaccuracies

  • Fair credit reporting act
  • Privacy act

4) INTEGRITY/SECURITY#

  • Data should be secure and accurate

  • Without security, can have good privacy policies but hackers gain entry

  • Without accuracy, wrong decisions are made about individuals

  • We should expect reasonable technical, physical and administrative measures

5) ENFORCEMENTS/REDRESS#

There is great variety in the ways that privacy principles are enforced:

  • Increasingly, companies and government agencies have Privacy Professionals to comply with their privacy promises
  • Companies can be fined if they break the promise of privacy .
  • For some kinds of data (medical, financial, stored communication), there is additional enforcement by individuals or government agencies.

WHATSAPP NEW PRIVACY POLICY#

According to the new privacy policy, data will still remain end-to-end encrypted when it is shared with an individual. The data which WhatsApp is going to share is the system hardware, system software, operating system, signal, time, IP address, profile, status, name and contacts. WhatsApp will give the data not only to Facebook but also to other Facebook-associated third-party apps. End-to-end encryption will not be provided for business accounts; they can fetch the data to share with Facebook and other Facebook-associated third-party apps.

CONCLUSION#

This paper is mainly a study of symmetric and asymmetric key encryption, attacks on these encryptions, privacy, and some commonly used algorithms like AES, DES, RSA, ECC, etc. Security plays an indispensable role in internet and networking applications. Information security plays a very crucial role in data transfer. The best way to give security to our information is cryptography. Depending on the communication and channel, we have to choose the best algorithm from those above. Nowadays both symmetric and asymmetric key encryption play a major role in network security. Here we also learned about different types of cryptographic attacks and how they work. Privacy has attracted the attention of internet users due to the increase in privacy breach incidents over time. Most of the breaches are due to inadequate security measures. Some of the ways to protect our privacy are discussed above. These will help internet users have a better understanding of what is required to protect against unauthorized intrusions and minimize the risk of becoming a victim of privacy breaches. Information security continually raises new issues and concerns as technology changes.

https://blog.prabithgupta.com/posts/an-analytical-study-on-encryption-and-privacy/
Author
Prabith GS
Published at
2021-01-31