Tuesday, 23 August 2011

paper presentation on network security and cryptography


Paper  presentation
                  on

NETWORK SECURITY                                                    USING
QUANTUM CRYPTOGRAPHY

Brahmaiah College of Engineering

 


Presented by           
P.Dileep kumar
          cse
lV B.Tech

e.mail :dileepkumar.paidipati@gmail.com

























l.Bupathi
     cse
lV B.Tech






ABSTRACT
The question, “How to build a secure system?” baffled everyone who are currently enjoying the services provided by recent trends and technological developments achieved in the field of computers, especially the “Internet”. No doubt, gaining access to Internet and its services is quite simple, by just using gateways, dial-up connections, and ISP. But beneath this, the problems of security come as the information may be lost, stolen or corrupted. So, if the question “Why should one hack my PC?” is always backing at your mind, then there is a definite scope to challenge the “Bad guys” who want to break down the layers of security defenses. But there is no single foolproof solution for building such a secured system. Our security has to be a layered structure and that should start all the way from the selection of the Operating System even.
In this paper we mainly concentrated on Cryptography Science. We briefly discussed various Cryptographic Systems i.e., Symmetric and Asymmetric key Cryptography and their limitations. Owing to the drawbacks of basic                          Cryptographic Systems, our focus turned towards Quantum Cryptography whose strength, secrecy and privacy lies in the Laws of Physics than current state of unproven mathematical assumptions in Classical Cryptography. The core of the paper contains the detailed description of the fundamentals of Quantum Cryptography and how this concept overcomes the loopholes in Conventional Cryptographic System, especially “The Key Distribution Problem”. Finally we moved over to Commercial Implementations of Quantum Cryptography paving the path to Research Scope in this arena.




















                                       








  CONTENTS

1. INTRODUCTION

2. OVERVIEW OF NETWORK SECURITY
        2.1 Security Threats
        2.2 Security Services
        2.3 Layers of security defence

3. CLASSICAL CRYPTOGRAPHY
        3.1 Types of cryptographic algorithms
        3.2 Symmetric key encryption
        3.3 Asymmetric key encryption

4. QUANTUM CRYPTOGRAPHY
        4.1 Fundamentals
        4.2 Polarization by filter
        4.3The BB84 Quantum Key Distribution Protocol
5. LIMITATIONS OF QUANTUM CRYPTOGRAPHY
6. COMMERCIAL IMPLEMENTATIONS
7. CONCLUSION
8. REFERENCES















INTRODUCTION
In the early years of development of Internet protocols, stress was given more towards ubiquitous connectivity and guaranteed delivery of data. Once the Internet usage started increasing, the focus turned towards adding quality of service. Finally with the evolution of WWW back in 1991, the Internet has changed the human life phenomenally. People started participating in interactive environment, irrespective of geographical boundaries, within no time. As the Internet usage exploded, it became a medium even for financial transactions such as online banking. No doubt, the conveniences and the services provided by Internet are awesome but the inconveniences are ominous, really threatening. This is better understood by the practical example which  happened earlier this year, ”Slammer” infected the first few PCs, 8.5 sec after it was discovered; in 11 min it had corrupted 75,000 systems worldwide. Thus the world started feeling the heat of exploitation of security holes in the Internet. Even as late as early nineties, Internet security was not of concern but soon it became an issue of paramount importance. If Internet has to survive and grow, Internet security is a must.

OVERVIEW OF NETWORK SECURITY
Gaining access to Internet services is quite simple task. Depending upon user requirements or the application type he is running, one can either go for ISPs, dial-up connections using telephone line and modem or if he is simple PC owner, he can go for  hourly based Internet access packages which are rightly now available in the market. In fact, statistically saying, it is expected that over 175 millions of computers are supposed to be on Internet by the end of 2003.See,”How people are really getting acquainted with the Internet usage! ” .What ever might be the way with which one is enjoying the Internet services, there is an equal probability that the system might be under the attack of hackers.
The following are security threats may be caused .

Security Threats:
Security threats can be inflicted in the form of passive attack and active attack.
1) Passive Attack: A passive attack is one in which the attacker eavesdrops and listens to the message exchanges but does not modify the message contents in any way. Even if the messages are encrypted, the attacker is able to do traffic analysis on the stream of data exchanged.
Some of the threats under this category are:
i)        Unauthenticated access
ii)      Unauthorized access
iii) Spoofing (fabrication or impersonation)
iv) Attack (making resources unavailable)
v) Malicious software

2) Active Attack: An active attack is one in which the attacker modifies the messages exchanged, delete selected messages, replay old messages, introduce new messages into the stream of message exchanges or impersonate one end of the conversation.
Some threats under this category are:
i)                    Interception or sniffing
ii)                   Modification
iii)                 Denial of action (repudiation)
Security Services:
Security threats can be mitigated by providing security services like the following
  1. Integrity
  2. Authentication
  3. Confidentiality
  4. Non-Repudiation
  5. Access Control
  6. Availability
Layers of Security Defence: There is no single foolproof solution for stopping security attacks. There has to be multiple layers of defense against the security attacks. The first level of defense at the gateway to an enterprise is Firewall and VPN. The Anti Virus traditionally had been the solution at end-point (Desktops). The second level of defense is Intrusion Detection System (IDS). Intrusion refers to the set of activities performed to compromise security. Intrusion detection is a process of identifying intrusions. IDS is an intrusion detection tool. It is a passive device which collects all the message exchanges going on through the network, analyze them and notify the administrator if there is a likelihood of any intrusions. It is up to the administrator to react and take corrective steps to stop any more damage. Note that it does not prevent any attacks.


Vendors are coming out with Intrusion Prevention systems (IPS) which not only detect intrusions but prevent them too. It provides real time response to the security threats. The next level of defense is Cryptography, which is the core of the paper.

CLASSICAL CRYPTOGRAPHY
In the last ten years, the Internet has enjoyed tremendous success connecting a large number of households and businesses with each other. This has created enormous economic possibilities. However, this economic potential can only be fully realized if the need for secure (i.e., safe against eavesdropping) transmission of data over the inherently insecure and open Internet can be satisfied. Cryptography addresses this need.
According to the Merriam-Webster Dictionary Online the term cryptography can mean “secret writing”, “the enciphering and deciphering of messages in secret code or cipher”, or “cryptanalysis”  (which in turn is defined as “the solving of cryptograms or cryptographic systems” or “the theory of solving cryptograms or cryptographic systems : the art of devising methods for this”).In the remainder of this paper we will be concerned with the last two aspects of cryptography. More specifically, we will describe different algorithms of enciphering and deciphering messages - also called ciphers - and the vulnerabilities of the various ciphers to cryptanalysis.
Throughout this paper, we will make continued use of the following standard scenario: Alice and Bob wish to exchange messages without eavesdropper Eve, who has complete access to the communication channel between Alice and Bob, being able to discern the content of these messages. This is called a secure exchange of messages.


Types of Cryptographic Algorithms
The two types of cryptographic algorithms that will be briefly discussed in this section are: symmetric key encryption and asymmetric key encryption. Both schemes utilize trapdoor one-way functions to encipher and decipher messages. One-way functions are mathematical functions that are easy to compute in one direction but are (believed) to be very difficult to inverse. Here, the inverse of a function is considered difficult (easy) to calculate if the time it takes to accomplish this task grows exponentially (polynomially) with the size (often expressed as the number of bits) of the input.
In symmetric and asymmetric key encryption the concept of trapdoor one-way functions is applied as follows:

A key and a cleartext message are used as the input to a trapdoor one-way function to generate ciphertext. A key (not necessarily the same key as before) and the ciphertext are then used as input to the inverse of the trapdoor one-way function to recover the cleartext message.
The major difference between symmetric and asymmetric key encryption lies in the way the necessary keys are generated and distributed.

Symmetric Key Encryption:
Symmetric key encryption uses the same cryptographic algorithm and the same key to encipher and decipher messages. The key is chosen pseudo-randomly from a subset of all possible key values. As opposed to the one-time pad, symmetric key encryption uses the same key repeatedly to encipher and decipher messages. This makes it inherently less secure than the one-time pad since in its most straightforward implementation the same plaintext will result in the same ciphertext. Special care has to be taken to circumvent this problem. Other problems with symmetric key encryption include the secure generation of keys and, since the same key is used to encipher and decipher messages, the secure distribution of keys to both Alice and Bob.
Examples of commonly used symmetric key encryption algorithms are Data Encryption Standard (DES), 3DES, Rivest Cipher (RC-4), and International Data Encryption Algorithm (IDEA).

Asymmetric Key Encryption:
Asymmetric key encryption is also known as public key encryption. As the name implies, it requires two different but mathematically related keys, one to encipher a message and the other corresponding key to decipher the message. Since one of the keys is known publicly, it is called the public key. The other key has to be kept private with one or the other party to the secure communication. It is therefore referred to as the private key. This system works analogous to a drop mailbox with two locks. The owner of the mailbox provides everybody with a key for dropping mail into his box, but only he has the key to open it and read the messages inside.
A very popular asymmetric key encryption algorithm is RSA. A most basic secure exchange of messages between Alice and Bob using asymmetric key encryption will proceed as follows:
1) Alice and Bob agree on a particular asymmetric key encryption method.
2) Both Alice and Bob generate their own, separate public/private key pairs.
3) Alice and Bob exchange their public keys.
4) Alice uses Bob’s public key to encipher a message and sends it to Bob.
5) Bob uses his private key to decipher the message.
6) Bob enciphers a reply using Alice’s public key.
7) Alice deciphers the reply using her private key.
The advantage of asymmetric key encryption is that it solves the key distribution problem that plagues symmetric key algorithms. No secret keys are ever exchanged - only public keys. However, the private keys are still vulnerable to compromise. Also asymmetric key encryption is too slow for many high bandwidth communications.
            Though the systems avoid the key distribution problem, unfortunately their security depends on unproven mathematical assumptions about the intrinsic difficulty of certain operations. The most popular public key cryptosystem, RSA (Rivest-Shamin-Adleman), gets its security from the difficulty of factoring large numbers. This means that if ever mathematicians or computer scientists come up with fast and clever procedures for factoring large numbers, then the whole privacy and discretion of widespread cryptosystems could vanish overnight. Indeed, recent work in quantum computation suggests that in principle quantum computers might factorize huge integers in practical times, which could jeopardize the secrecy of many modern cryptography techniques.


QUANTUM CRYPTOGRAPHY
Fundamentals:
The foundation of quantum cryptography lies in the Heisenberg uncertainty principle, which states that certain pairs of physical properties are related in such a way that measuring one property prevents the observer from simultaneously knowing the value of the other. In particular, when measuring the polarization of a photon, the choice of what direction to measure affects all subsequent measurements. For instance, if one measures the polarization of a photon by noting that it passes through a vertically oriented filter, the photon emerges as vertically polarized regardless of its initial direction of polarization. If one places a second filter oriented at some angle q to the vertical, there is a certain probability that the photon will pass through the second filter as well, and this probability depends on the angle q. As q increases, the probability of the photon passing through the second filter decreases until it reaches 0 at q = 90 deg (i.e., the second filter is horizontal). When q = 45 deg, the chance of the photon passing through the second filter is precisely 1/2. This is the same result as a stream of randomly polarized photons impinging on the second filter, so the first filter is said to randomize the measurements of the second.
 
Polarization by a filter:
 Un-polarized light enters a vertically aligned filter, which absorbs some of the light and polarizes the remainder in the vertical direction. A second filter tilted at some angle q absorbs some of the polarized light and transmits the rest, giving it a new polarization. A pair of orthogonal (perpendicular) polarization states used to describe the polarization of photons, such as horizontal/vertical, is referred to as a basis. A pair of bases are said to be conjugate bases if the measurement of the polarization in the first basis completely randomizes the measurement in the second basis, as in the above example with q = 45 deg. It is a fundamental consequence of the Heisenberg uncertainty principle that such conjugate pairs of states must exist for a quantum system.
                       

If a sender, typically designated Alice in the literature, uses a filter in the 0-deg/90-deg basis to give the photon an initial polarization (either horizontal or vertical, but she doesn't reveal which), a receiver Bob can determine this by using a filter aligned to the same basis. However if Bob uses a filter in the 45-deg/135-deg basis to measure the photon, he cannot determine any information about the initial polarization of the photon.
                       
These characteristics provide the principles behind quantum cryptography. If an eavesdropper Eve uses a filter aligned with Alice's filter, she can recover the original polarization of the photon. But if she uses a misaligned filter she will not only receive no information, but will have influenced the original photon so that she will be unable to reliably retransmit one with the original polarization. Bob will either receive no message or a garbled one, and in either case will be able to deduce Eve's presence.

The BB84 Quantum Key Distribution Protocol
In this section we will use the following notation:
“|” denotes a photon in a vertically polarized state.
.” denotes a photon in a horizontally polarized state.
“/” denotes a photon in a 45 degree polarized state.
“\” denotes a photon in a 135 degree polarized state.
“+” denotes the pair of states {|,.}, also called the +- basis.
“X” denotes the pair of states {\, /}, also called the x-basis.
Let us further assume that Alice and Bob have agreed to associate the binary digit 1 with the states | and \, respectively, and the binary digit 0 with the states • and /, respectively.
Here quantum key distribution protocol requires two communication channels: a quantum communication channel which transmits the photons, such as a standard fiber-optic cable, and a classical communication channel, such as a phone line, e-mail, etc. Here, the classical communication channel is used to ascertain whether confidentiality on the quantum channel has been breached  and to facilitate error correction and privacy amplification It is assumed that Eve has unlimited computing power and complete access to both communication links, except that she cannot impersonate either Alice or Bob on the classical communication channel .
With this setup , the BB84 quantum key distribution protocol proceeds through the following steps:
 1) Alice sends a stream of individual photons in one of the four polarization states |, •, /, or \ to Bob. Alice picks each photon’s polarization state randomly and independently.
                       
2) For each photon, Bob randomly chooses either the +-basis or the x-basis and measures the polarization of the photon in that basis.
                       
3) For each photon, Bob records the basis he used and the result of the polarization measurement.
4) Through the classical communication channel, Bob communicates to Alice for each


photon his choice of basis, but not the result of his polarization measurement.
5) Still through the classical communication channel, Alice tells Bob which photon was measured in the correct basis.
6) Both, Alice and Bob, discard the polarization data that correspond to those photons that were not measured in the correct basis.
7) Both, Alice and Bob, translate the valid polarization data into a string of bits according to the association of polarization states with the binary digits 0 and 1 that they agreed to earlier. This way Bob and Alice arrive at what is called the sifted key . Note that neither Alice nor Bob actually picked a key before their communication took place. Rather, the key is the result of the combined random choices that Alice and Bob make during the course of their communication.
                       
Since Bob’s chance of picking the correct basis is about 50%, the length of the sifted key is about ½ of the total number of photons that Alice sent to Bob.





The following table provides an illustration of the BB84 protocol in use

Alice sends to Bob
/
.
.
|
\
.
\
/
|
/
|
|
Bob measures with
+
+
x
+
x
X
+
+
+
x
+
x
Bob’s results
.
.
\
|
\
/
|
|
|
/
|
\
Valid data

.

|
\



|
/
|

Sifted key

0

1
1



1
0
1



Limitations of Quantum Cryptography
A number of technical challenges still remain in quantum cryptography. The following discussion will be brief and follow.
1)  Single Photon generating systems
2) Deterministic Random number generation by computers
3) Quantum repeaters to strengthen the photons
4) Low transmission rate
Commercial Implementations of Quantum Cryptography
During the past year two commercial products implementing the BB84 quantum key distribution protocol have been launched.
One of the products is providing a VPN gateway claiming a 70mile transmission distance through standard fiber-optic cable with a key refresh rate of up to 100 new keys per second.
The other product is providing a point-to-point quantum key distribution hardware system. It claims a 40mile key distribution distance over standard optical fiber with a key distribution rate of up to 1Mbit/s. However, the key distribution performance degrades over long distances, being only 100bits/s for distances of 50km. This device also offers a random number generator that is based on a random physical process.
Commercial efforts are also under way to develop a quantum key distribution network infrastructure. Companies that are active in this arena include BBN Technologies and a Swiss partnership formed between Wisekey SA, OISTE, and idQuantique.
Another technology that seems poised to make the leap from basic research to commercial product development is free-space quantum cryptography.


CONCLUSION
            Quantum cryptography promises to revolutionize secure communication by providing security based on the fundamental laws of physics, instead of the current state of mathematical algorithms or computing technology. There is no doubt that there are still quite difficult technical problems to overcome, such as its limited range and low transmission rate, before it will find widespread use in today’s network infrastructure. The devices for implementing such methods exist and the performance of demonstration systems is being continuously improved. Within the next few years, if not months, such systems could start encrypting some of the most valuable secrets of government and industry.
            As a final word, we know that future is going to be networked everywhere .Hence “Network Security” is gaining importance globally. So with everyone’s operation and with consistent practices, will it be achievable. No doubt, Science and Technology develops day by day. We need to utilize the advancements in emerging fields of Science and Technology to come up with highly secured and consistent practices so that we can challenges at the Bad guys, who want to break down our layers of security defense.


REFERENCES
v  "Quantum Cryptography" –by Charles H. Bennett, Gilles Brassard, and  Artur K. Ekert. 
v  “Securing any time any where information”-- by   Gaurav Vaidya
v  “ Network security white papers”  --by  interhack /pubs
v  “Quantum cryptography: public key distribution and coin tossing”-- by                  Bennett, C. H. and G. Brassard.
v  “Quantum Cryptography and Privacy Amplification”-- by Goldwater, S.
v   “Hackers beware: quantum encryption is coming”-- by Johnson, R. Colin.
v  “Quantum Is Key To New Securi

v ty Alliance”-- Johnson, R. Colin.

No comments:

Post a Comment