Symmetric Key Algorithms Part2-Information Technology-Lecture Handout, Exercises of Information Technology

Main topics for the course are mentioned here. What is E-Commerce and its type. Networking Devices. Markup languages. Security issues. Data mining. E-business. Cryptography and public key infrastructure. Electronic Data Exchange. Internet marketing. ERP. This lecture includes: Symmetric, Key, Algorithms, Attacks, Cryptanalysis, System-Based, Public, Search, Analytical, Electronic, Payment

Typology: Exercises

2011/2012

Uploaded on 08/11/2012

duraid

E-COMMERCE – IT430 VU

© Copyright Virtual University of Pakistan

Lesson 24

SYMMETRIC KEY ALGORITHMS

Cryptographic algorithms are measured in terms of key length. The following are some popular symmetric key algorithms:

- DES (Data Encryption Standard) – 56 bits
- IDEA (International Data Encryption Algorithm) – 128 bits
- RC2 (block cipher) – 1-2048 bits
- RC4 (stream cipher) – 1-2048 bits
- Rijndael – 128-256 bits

Attacks on Symmetric Key Algorithms

The following attacks have been reported on symmetric key algorithms:

- Key Search Attacks
- Cryptanalysis
- System-based Attacks

Key Search (Brute Force) Attacks

In this type of attack, the attacker attempts to decrypt the message with every possible key. Thus, the greater the key length, the more difficult it is to identify the key.

Cryptanalysis

Encryption algorithms can be defeated by using a combination of sophisticated mathematics and computing power so that many encrypted messages can be deciphered without knowing the key. Such an attack is called cryptanalysis.

System-Based Attacks

In a system-based attack, the attack is made on the cryptographic system that uses the cryptographic algorithm, without actually attacking the algorithm itself.

Public Key Algorithms

The following are some popular public key algorithms:

- DSS – Digital Signature Standard, based on DSA (Digital Signature Algorithm) – key length is between 512-1024 bits
- RSA
- Elliptic Curves

Attacks on Public Key Algorithms

Key Search Attacks

The public key and its corresponding private key are linked with each other with the help of a large composite number. These attacks attempt to derive the private key from its corresponding public key using that number. According to an estimate, a 1024-bit RSA public key may be factored due to fast computers by 2020. Note that symmetric and asymmetric algorithms are based on different techniques. In the case of asymmetric algorithms, an increase in key length does not increase the difficulty level for the attacker as much as it does for symmetric algorithms. Thus, a 128-bit RC2 symmetric key may prove to be much stronger than a 1024-bit RSA asymmetric public key.
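The comparison in the paragraph above, worked through as an added example (not part of the original handout): it assumes exhaustive key search for the symmetric ciphers and the general number field sieve (GNFS) heuristic cost, with its o(1) term dropped, for factoring an RSA modulus. The function names are illustrative, and the figures are rough growth estimates rather than measured attack costs.

```python
import math

def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS factoring cost for an RSA modulus.

    Uses L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped (an assumption),
    so the result shows the growth rate, not a measured cost.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)

def key_search_work_bits(key_bits):
    """log2 of the expected trials in an exhaustive key search.

    On average the key is found after trying half of the 2^k keys.
    """
    return key_bits - 1

def rsa_bits_matching(symmetric_bits, step=256):
    """Smallest modulus size (a multiple of `step`) whose GNFS estimate
    reaches the exhaustive-search cost of a symmetric key of that length."""
    target = key_search_work_bits(symmetric_bits)
    size = step
    while gnfs_work_bits(size) < target:
        size += step
    return size

def comparison_rows():
    """Work estimates for the key lengths quoted in the lesson."""
    rows = [(f"{name} {bits}-bit key search", key_search_work_bits(bits))
            for name, bits in (("DES", 56), ("RC2", 128))]
    rows += [(f"RSA {bits}-bit factoring (GNFS)", gnfs_work_bits(bits))
             for bits in (1024, 2048)]
    return rows

if __name__ == "__main__":
    for label, bits in comparison_rows():
        print(f"{label:32s} ~2^{bits:.1f} operations")
    print("RSA size matching a 128-bit key search:",
          rsa_bits_matching(128), "bits")
```

Doubling the RSA modulus from 1024 to 2048 bits adds only about 30 bits of estimated work, whereas every extra bit of a symmetric key doubles the key search.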

Analytical Attacks

Such attacks use some fundamental flaw in the mathematical problem on which the encryption system itself is based so as to break the encryption.

Quantum computing is the branch of computer science that deals with the development of cryptographic algorithms. It can also be used to find flaws in the cryptographic system/algorithms and to launch attacks.

Electronic Payment Systems

Most of the electronic payment systems on the internet use cryptography in one way or another to ensure confidentiality and security of the payment information. Some of the popular payment systems on the internet include credit-card based payment systems, electronic checks, electronic cash and micro-payment systems (Millicent, PayWord etc.).

The Process of Using Credit Cards

It may be useful to see how payment is made through a credit card in the traditional sense. Fig. 1 below shows the steps to be followed in this regard:

[Fig. 1: The process of using credit cards. Parties shown: Issuer Bank, Cardholder Account, Acquirer Bank, Merchant Account, Card Brand, Card Holder, Merchant. Step labels: 1. Issue Credit Card; Show Credit Card; Capture; Authorization; 5. Payment Request; 6. Amount Transfer.]

  1. A potential cardholder requests the issuance of a card brand (like Visa or MasterCard) from an issuing bank in which the cardholder may have an account. The issuing bank approves (or denies) the application. If approved, a plastic card is physically delivered to the customer’s address by mail. The card is activated as soon as the cardholder calls the bank for initiation and signs the back of the card.
  2. The cardholder shows the card to a merchant whenever he or she needs to pay for a product or service.
  3. The merchant then asks for approval from the brand company (Visa etc.) and the transaction is paid by credit. The merchant keeps a sales slip.


may acknowledge this fact to the buyer by email and sends the goods, and also sends transaction details to FV (steps 4 & 5). The FVIPSS, or simply the FV server, sends email to the buyer asking if the goods were satisfactory (step 6). There are three possible answers to that (step 7). If the answer is “accept”, the payment proceeds. If the answer is “reject”, it means that either the goods have not been received or the buyer is not satisfied with the quality of the goods; the payment is then not made to the merchant. If the answer indicates “fraud”, it means that the goods were never ordered. In such an eventuality the FVIPSS immediately blacklists the Virtual PIN so that it cannot be used in the future.

The time period for answering the email in step 6 above may be a few minutes to a few days; otherwise FV shall proceed to arrange the payment. If a Virtual PIN has been stolen and the buyer does not indicate fraud within the time period for answering the said email, bogus transactions are possible before the PIN is finally blacklisted. A stolen credit card number can also be used to set up a Virtual PIN associated with an email address controlled by the attacker to carry out bogus transactions.
