Describe and draw symatric cipher model and decrypt it also using play fair technic.
- Cryptographic algorithms provide the under lying tools to most security protocols used in today’s infrastructures. The choice of which type of algorithm depends on the goal that you are trying to accomplish, such as encryption or data integrity. These algorithms fall into two main categories: symmetric key and asymmetric key cryptography. In this essay, please discuss the strengths and weaknesses of symmetric key cryptography and give an example of where this type of cryptography is used Symatric Cipher Model. Then discuss the strengths and weaknesses of asymmetric key cryptography and give an example of where this type of cryptography is used.
Symmetric key encryption is a type of encryption that makes use of a single key for both the encryption and decryption process. Some of the encryption algorithms that use symmetric keys include: AES (Advanced Encryption Standard), Blowfish, DES (Data Encryption Standard), Triple DES, Serpent, and Twofish. If you want to apply symmetric key encryption to a file transfer environment, both the sender and receiver should have a copy of the same key. The sender will use his copy of the key for encrypting the file, while the receiver will use his copy for decrypting it. If you manage a secure file transfer server that only supports symmetric encryption and one of your users wants to encrypt a file first before uploading it, one of you (either the user or you, the server admin) should first generate a key and then send the other person a copy of that key. Symmetric key encryption doesn’t require as many CPU cycles as asymmetric key encryption, so you can say it’s generally faster. Thus, when it comes to speed, symmetric trumps asymmetric (Villanueva, 2015) Symatric Cipher Model.
Asymmetric key encryption, on the other hand, makes use of two keys. A private key and a public key. The public key is used for encrypting, while the private key is used for decrypting. Two of the most widely used asymmetric key algorithms are: RSA and DSA. If you’re going to use asymmetric key encryption in a file transfer environment, the sender would need to hold the public key, while the receiver would need to hold the corresponding private key. If you manage a file transfer server and one of your users wants to encrypt a file first before uploading it, it would typically be your duty to generate the key pair. You should then send the public key to your user and leave the private key on the server. Asymmetric keys simplify the key distribution process (Villanueva, 2015).
- Cryptography has been used in one form or another for over 4000 years and attacks on cryptography have been occurring since its inception. The type of people attempting to break the code could be malicious in their intent or could just be trying to identify weaknesses in the security so that improvements can be made Symatric Cipher Model. In your essay response, define cryptanalysis and describe some of the common cryptanalytic techniques used in attacks.
Cryptanalysis is the science of cracking codes and decoding secrets. It is used to violate authentication schemes, to break cryptographic protocols, and, more benignly, to find and correct weaknesses in encryption algorithms. Forging an encrypted signal to be accepted as authentic. People who have been able to discover the key will now want to use it to their advantage. There are many different attacks that may happen to obtain this information. Ciphertext only attack is a case in which only the encrypted message is available for attack, but because the language is known a frequency analysis could be attempted. Symatric Cipher Model. In this situation the attacker does not know anything about the contents of the message, and must work from ciphertext only. Know Plaintext attack both the plaintext and matching ciphertext are available for use in discovering the key. The attacker knows or can guess the plaintext for some parts of the ciphertext. For example, maybe all secure login sessions begin with the characters LOGIN, and the next transmission may be PASSWORD. The task is to decrypt the rest of the ciphertext blocks using this information. This may be done by determining the key used to encrypt the data, or via some shortcut. A chosen plaintext attack occurs when the attacker gains access to the target encryption device – if, for example, it is left unattended. The attacker then runs various pieces of plaintext though the device for encryption. This is compared to the plaintext to attempt to derive the key. In an adaptive chosen plaintext attack, the attacker not only has access to the plaintext and its encryption, but can adapt or modify the chosen plaintext as needed based on results of the previous encryptions. In a chosen ciphertext attack, the cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintext. This type of attack is generally applicable to attacks against public key cryptosystems. An adaptive chosen ciphertext attack involves the attacker selecting certain ciphertexts to be decrypted, then using the results of these decryptions to select subsequent ciphertexts. The modifications in the ciphertext help in deciphering the key from the decryptions. Cryptographic communications and key exchange protocols are susceptible to an attack in which the attacker is able to place himself on the communication line between two parties. In the “man-in-the-middle attack” the attacker is able to position himself to intercept the key exchange between two parties. He performs his own key exchange with each Symatric Cipher Model. Then, with both parties thinking they have set up a secure channel, the attacker decrypts any communications with the proper key, and encrypts them with the other key for sending to the other party. The parties think that they are communicating securely, but in fact the adversary is reading everything. Preventing a man-in-the-middle attacks is possible if both sides compute a cryptographic hash function of the key exchange, sign it using a digital signature algorithm, and send the signature to the other side. The recipient then verifies that the hash matches the locally computed hash and the signature came from the desired other party. Side channel attacks are a type of attacks based on implementation details such as timing, power, and radiation emissions. By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. A brute force attack involves trying all possible keys until hitting on the one that results in plaintext. This can involve significant costs related to the amount of processing required to try quadrillions (in the case of DES) of keys. The time required is a factor of how many keys can be tried per unit of time, which is a factor of how many computers can be assigned to the task in parallel. Because computers are getting faster all the time. The unit of measure for comparison purposes is million-instructions-per-second per year. It is the number of instructions a million-instructions-per-second computer can execute in one year. Moore’s Law states that processing speed doubles every 18 months. As a result, advances in technology and computing performance will always make brute force an increasingly practical attack on keys of a fixed length (Heward, 2014) Symatric Cipher Model.
- Many people overlook the importance of physical security when addressing security concerns of the organization. Complex cryptography methods, stringent access control lists, and vigilant intrusion detection/prevention software will be rendered useless if an attacker gains physical access to your data center. Site and facility security planning is equally important to the technical controls that you implement when minimizing the access, a criminal will have to your assets. In your essay response, define CPTED and describe how following the CPTED discipline can provide a more aesthetic alternative to classic target hardening approaches. Make sure that the three CPTED strategies are covered in your response Symatric Cipher Model.
CPTED is the proper design and effective use of the built environment that can lead to a reduction in the fear and incidence of crime, and an improvement in the quality of life. Three different concepts that are used to define CPTED are natural access control, natural surveillance, and territorial reinforcement. Natural access control design features that clearly indicate public routes and discourage access to private structural elements. The elements decrease an opportunity for crime by creating in an offender a perception of unacceptable risk when attempting access to private areas Symatric Cipher Model. Natural surveillance design features that increase the visibility of a property. These features maximize the ability of persons in the area to see persons in the vicinity and avoid trouble and allow external activates to be seen from adjacent building structures by persons who could call for help. Lastly territorial reinforcement design features that clearly indicate public and private structural elements of a property. An individual will develop a sense of territoriality for a space with frequent activities in an area, a sense of ownership. The sense of territory and ownership by an individual is reinforced through regularly scheduled activities, inspections, and maintenance. Target hardening is the use of mechanical devices such as locks and alarms, organized crime prevention strategies make an area harder to access buy may have a tendency to make the inhabitants feel unsafe. This technique is the opposite of natural which reflects crime prevention as a byproduct from normal and routine use of an environment. Target hardening often happens after crime has been committed Symatric Cipher Model. The integration of similar, but customer service oriented CPTED strategies in the initial environment design may be as effective, but less threatening (Krehnke,2009).
Heward, G. (2014, January 26). Cryptanalysis and Attacks. Retrieved January 24, 2017, from https://www.experts-exchange.com/articles/12460/Cryptanalysis-and-Attacks.html
Krehnke, M. (2009). Crime Prevention through Environmental Design. Retrieved January 25, 2017, from http://www.infosectoday.com/Articles/CPTED.htm
Villanueva, J. C. (2015, March 15). Managed File Transfer and Network Solutions. Retrieved January 24, 2017, from http://www.jscape.com/blog/bid/84422/Symmetric-vs-Asymmetric-Encryption Symatric Cipher Model.