Page 44 - DCAP516_COMPUTER_SECURITY
P. 44
Computer Security
Notes 4. Encryption methods have historically been divided into ……………. categories.
5. In a ………………… cipher each letter or group of letters is replaced by another letter or
group of letters.
6. …………………………………. ciphers, in contrast, record the letters but do not disguise
them. Substitution ciphers and codes preserve the order of the plaintext but disguise them.
Transposition ciphers, in contrast, record the letters but do not disguise them.
4.3 Data Encryption Standard
In January 1977, the US government adopted a product cipher developed by IBM as its official
standard for unclassified information. A number of manufacturers implemented this encryption
algorithm known as the ‘Data Encryption Standard’ (National Bureau of Standards, 1977) in
hardware, thus making it fast. The availability of fast and cheap hardware, in turn, has stimulated
many other users to adopt DES. The explanation of the DES algorithm is beyond the scope of this
book. One way to strengthen DES is to insert random characters into the plaintext according to
the well defined rules. In addition, dummy messages can be inserted between the real ones
accordingly to get another rule. This principle is called a null cipher. Null ciphers are waste of
bandwidth but they are difficult to break. On leased private lines, there is something garbage
transmitted whenever the line is idle.
Key Protection
Although hiding the key from intruder is important, it is equally important to hide the key from
oneself. A corporation may not wish to delegate unlimited authority to any one employee. For
example, banks do not give the complete vault combination to any one employee. There are
techniques for sharing cryptographic keys among multiple employees in flexible ways (Shamir,
1979).
Now the problem is of setting up a secure communication between people who never earlier
communicated. Until Defie and Hillman’s (1976) article, all cryptographers simply took for
granted that both the encryption and decryption keys must be kept secret. What Defie and
Hillman proposed was to use an encryption algorithm, ‘E’, and a decryption algorithm, D, with
E and D chosen so that deriving D even given a complete description of E would be effectively
impossible. There are three requirements for this:
1. D (E (P)) = P.
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.
The method works like this – any person or organization wishing to receive secret messages,
first devices two algorithms, E and D, meeting the above requirements. The encryption algorithm
or key is then made public, hence named ‘public key encryption’. This might be done by putting
it in a file that anyone who wanted to, could read.
For example, A and B had no previous contact and want to establish secure communication. Both
A and B encryption keys, EA and EB respectively, are assumed to be in publicly readable file.
Now A takes his first message say P, computes EB (p) and sends it to B. Now B decrypts it by
applying its secret key DB [i.e., he computes DB (EB (P)) = P). No one else can read the encrypted
message, EB (P), because the encryption system is assumed strong and too difficult to derive DB
from the publicly known EB.
38 LOVELY PROFESSIONAL UNIVERSITY
