Cryptography in IT

8/12/2019 Cryptography in IT

1/48

ABSTRACT

Personal privacy is of utmost importance in the global networked world. One of the best tools to help people safeguard their personal information is the use of cryptography. In this research work we present new cryptographic algorithms thatemploy the use of asymmetric keys. The proposed algorithms encipher messageinto nonlinear equations using public key and decipher by the intended party using

private key. If a third party intercepted the message, it will be difficult to decipher it due to the multilevel ciphers of the proposed application. This research work implements a system for the application of Cryptography in InformationTechnology. owever, a general overview of cryptography and its various types is

provided and various algorithms are discussed. ! detailed review of the sub"ect of network security, hash key algorithm and cryptography in digital signatures is then

presented. The purpose of the research work is to develop a system that one can

used to demonstrate the application of cryptography in Information Technology.The #oftware methodology used is the $aterfall methodology.


2/48

CHAPTER ONEINTRODUCTION

1.1BACKROUND OF STUDY

%ata #ecurity is one of the ma"or concerns of every organi&ation today,

information are store in different location, un'authori&ed access to such

information can reduce the integrity of such information and also users can

easily temper with such data in order to avoid a situation where system

administrator and un'authori&ed users who gain access to such information, is

good to make the information un'meanifull so that he(she will not temper with

the integrity of such information. !lso Information that are communicate over

the web are not secured if such information are not properly secured since

computer hackers can access such information before it get to the recipient and

thereby the integrity of such information is violated, in order to secured our

information the need to employed the use of cryptography and ash key

algorithm becomes a sub"ect of focus in this research work, Cryptography is the

science of using mathematics to encrypt and decrypt data. Cryptography

enables you to store sensitive information or transmit it across insecure

networks )like the Internet* so that it cannot be read by anyone e+cept the

intended recipient. $hile cryptography is the science of securing data,

Cryptanalysis is the sci ence of analy&ing and breaking secure communication.


3/48

Classical cryptanalysis involves an interesting combination of analytical

reasoning, application of mathematical tools, pattern finding, patience,

determination, and luck. Cryp tanalysts are also called attackers. Cryptology

embraces both cryptography and cryptanalysis. ! related discipline is

Stegan grap!y , which is the science of hiding messages rather than making them

unreadable. #teganography is not cryptography it is a form of coding. It relies

on the secrecy of the mechanism used to hide the message. If, for e+ample, you

encode a secret message by putting each letter as the first letter of the first word

of every sentence, it-s secret until someone knows to look for it, and then it

provides no security at all. There are two kinds of cryptography in this world/

cryptography that will stop your kid sister from reading your files, and

cryptography that will stop ma"or governments from reading your files )#trong

and $eak cryptography*.

Cryptography can be strong or weak, as e+plained above. Cryptographic

strength is measured in the time and resources it would require to recover the

plainte+t. The result of strong cryptography is cipher te+t that is very difficult

to decipher without possession of the appropriate decoding tool. ow

diffi cult0 1iven all of today-s computing power and available time2even a

billion computers doing a billion checks a second2it is not possible to

decipher the result of strong cryptography before the end of the universe.


4/48

One would think, then, that strong cryptography would hold up rather well

against even an e+tremely determined cryptanalyst. $ho-s really to say0 3o

one has proven that the strongest encryption obtainable today will hold up

under tomorrow-s computing power. owever, the strong cryptography

employed by P1P is the best available today. 4igilance and conservatism will

protect you better, however, than claims of impenetrability.

! cryptographic algorithm, or cipher, is a mathematical function used in the

encryption and decryption process. ! cryptographic algorithm works in

com bination with a key2a word, number, or phrase2to encrypt the plainte+t.

The same plainte+t encrypts to different cipher te+t with different keys. The

security of encrypted data is entirely dependent on two things/ the strength of

the cryptographic algorithm and the secrecy of the key. ! cryptographic

algorithm, plus all possible keys and all the protocols that make it work,

comprise a cryptosystem.

1." STATE#ENT OF PROB$E#S

5asically in most organi&ation today data security is at a very low level where

information of the organi&ation are kept in form of files in the cabinet,

information of such lack security since un'authori&ed users can easily gain

access to such information and the integrity of such information is lost, even in

some organi&ation that have automated system the system lacks security since


5/48

even the system administrator can easily temper with the information. It is

necessary to secure information. 6ven in our email system today there are

attacks against password where one can guess user password, also spyware are

developed that steals user password and store it in the system where the original

owner can access those password thereby the integrity of such email is violated.

7any systems break because they rely on user'generated passwords. 8eft to

themselves, people don9t choose strong passwords. If they9re forced to use strong

passwords, they can9t remember them. If the password becomes a key, it9s usually

much easier''and faster''to guess the password than it is to brute'force the key

we9ve seen elaborate security systems fail in this way. #ome user interfaces make

the problem even worse/ limiting the passwords to eight characters, converting

everything to lower case, etc. 6ven passphrases can be weak/ searching through

:;'character phrases is often much easier than searching through


6/48

1.% AI#S AND OB&ECTI'ES

This research work is aims at discussing the application of cryptography in

Information Technology.

The Ob"ectives of the research work is to develop a system that will secure data

using cryptography and encryption algorithm so that the system will attains the

following goals.

C n(i)entiality / Information can only be seen by authori&ed entities

Integrity / 6nsuring that information is not corrupted or alters by un'authori&ed

entities.

A*aila+ility, 1uaranteeing that the information is available to authori&ed

entities and !uthentication providing assurance of the identities of entities.

1.- SI NIFICANCE OF THE STUDY

#ecuring data is one of the ma"or things every organi&ation will want to do

since the information is very important for their day to day running of the

organi&ation. 6ncryption is one of the most important and most affordable

defenses available to a small business. If a hacker manages to get past all your

other security measures, good encryption properly used will stop him in his

tracks. The way most organi&ation information are temper with since there is no


7/48

standard security measure for securing such information, for an organi&ation

that have an automated system the database is not encrypted so any users that

have access to the database can easily temper with such information in order to

prevent such incident from happening the need to secure such data using

cryptography and hash key algorithm becomes a sub"ect of interest in these

research work, the use of cryptography and modern encryption techniques are

used to secure data.

1./ SCOPE OF THE STUDY

Cryptography in Information Technology for #ecuring data communication is a

$indows based model of software system for cryptographic protection of data in

distribution information systems. It uses symmetrical and asymmetrical algorithms

and provides the following services. The scope of the research work covers the

following as stated below.

identification and authentication of users

identification and authentication of applications

cryptographic protection on file and block data levels

digital signature

access control to cryptographic functions

logs


8/48

Cryptographic application program interface )C!PI*.

1.0 $I#ITATION OF THE STUDY

The system is limited to securing data using the e+isting modern encryption

algorithms such as !6# )!dvanced encryption standard*,%6#)%igital

encryption standard*, ash key algorithms e.t.c

1. RESEARCH #ETHODO$O Y

To achieve this research work, we employed the underlying technique to gather

data and analy&ed the data to accomplish the task. The #oftware methodology used

is the waterfall method. The waterfall model is a sequential design process, often

used in software development processes , in which progress is seen as flowing

steadily downwards )like a waterfall * through the phases of Conception, Initiation,

!nalysis , %esign , Construction, Testing , Production(Implementation and

7aintenance. The unmodified =waterfall model=. Progress flows from the top to

the bottom, like a waterfall. The waterfall development model originates in the

manufacturing and construction industries/ highly structured physical

environments in which after'the'fact changes are prohibitively costly, if not

impossible. #ince no formal software development methodologies e+isted at the

time, this hardware'oriented model was simply adapted for software development.


9/48

1.2 DEFINITION OF TER#S

ENCRYPTION is the process of transforming information )referred to as

plainte+t * using an algorithm )called a cipher * to make it unreadable to anyone

e+cept those possessing special knowledge, usually referred to as a key

DECRYPTION / The reverse process, i.e., to make the encrypted information

readable again i.e., to make it unencrypted*

CRYPTO RAPHY, Is the science of using mathematics to encrypt and

decrypt data.

CRYPTANA$YSIS, Is the sci ence of analy&ing and breaking secure

communication.

STE ANO RAPHY, This is the science of hiding messages rather than making

them unreadable.
http://en.wikipedia.org/wiki/Informationhttp://en.wikipedia.org/wiki/Plaintexthttp://en.wikipedia.org/wiki/Algorithmhttp://en.wikipedia.org/wiki/Cipherhttp://en.wikipedia.org/wiki/Key_(cryptography)http://en.wikipedia.org/wiki/Informationhttp://en.wikipedia.org/wiki/Plaintexthttp://en.wikipedia.org/wiki/Algorithmhttp://en.wikipedia.org/wiki/Cipherhttp://en.wikipedia.org/wiki/Key_(cryptography)


10/48

CHAPTER T3O

$ITERATURE RE'IE3

".1 Re*ie4 ( Relate) 3 r5

)5ellare, et al. >;;;*#6C?@ITAB in this contemporary scenarios has become a

more sensible issue either it may be in @6!8 $O@8%B or in the CA56@

$O@8%B .in this world as opposed to the cyber world an attack is often preceded

by information gathering. 3etwork security is a complicated sub"ect, historically

only tackled by well'trained and e+perienced e+perts. owever, as more and more

people becomeB wired99, an increasing number of people need to understand the

basics of security in a networked world. Our paper covers different kinds of threats

firewalls in the network by implementation of different security services using

various security mechanisms. The security mechanisms are primarily based on

cryptographic algorithms like symmetric'%6#, !6#, asymmetric'@#!, 6CC.

1enerally, the logical conclusion is to use both kind of algorithms and their

combinations to achieve optimal speed and security levels. It is hoped that the

reader will have a wider perspective on security in general, and better understand

how to reduce and manage risk personally.


11/48

"." CRYPTO RAPHY

)Dimmermann, >;;E* One way to strengthen security in computer systems is to

encrypt sensitive records and messages in transit and in storage. The basic model

of a cryptographic system is illustrated in Figure below. The original unenciphered

te+t is called the plainte+t. The act of converting a plain te+t message to its

cipherte+t form is called enciphering )Potdar, >;;:*. In its cipher form, a message

cannot be read by anyone but the intended receiver. @eversing that act )i.e., cipher

te+t form to plain te+t message* is deciphering. 6nciphering and deciphering are

more commonly referred to as encryption and decryption, respectively.

Fig ".6 Data En7rypti n an) De7rypti n Pr 7ess

#ODERN KEY8BASED CRYPTO RAPHIC TECHNI9UESThere are several modern key'based cryptographic techniques. The two common

key based encryption techniques are symmetric and asymmetric key cryptography


12/48


13/48

"." ANA$YSIS OF THE E:ISTIN SYSTE#

Over the year data security has pose a lot problem as the result of unauthori&ed

access to relevant data. From the investigation gather from the e+isting system, it

was spell out that the method employed in data security where "ust mere password

of relevant document in directory. Password protection where the only measure

used to secure data from unauthori&ed user of the system, which can be overwrite

by hackers thereby e+posing data to unauthori&ed user.

".% AD'ANTA ES OF THE E:ISTIN SYSTE#

The e+isting system is easy to implement since the password does not

involved key or mathematical algorithm

%ata secured by mere password.

".- DISAD'ANTA ES OF THE E:ISTIN SYSTE#

#ince the e+isting system used only password protection the confidentiality

of the data is violated.

The e+isting may e+pose the content of the document to hackers because of

weak password employed by the user of the system.

There is no integrity of data

!uthentication and the accuracy of data is not guarantee
http://en.wikipedia.org/wiki/Algorithmhttp://en.wikipedia.org/wiki/Algorithm


14/48

"./ THE PROPOSE SYSTE#

The design for the combining two different techniques is purely based on the idea

distort the message and hide the e+istence of the distorted message and for getting

back the original message retrieve the distorted message and regain the actual

message by reversal of the distortion process. ere we design the system with

three modules

For Cryptography ash key algorithm ' Crypto 7odule

For #teganography ' #tego 7odule For e+tra security ' #ecurity 7odule

The e+tra security module that we are providing make this system highly secured.

The process flow for the system is as follows/

Crypt # );le,

For Crypto 7odule the following steps are considered for encrypting the data

)@efer Fig;re".1 bit key )Jey G*.

1enerate Cipher Te+t in he+adecimal form.

Fig ".1 Crypt # );le


15/48

Se7;rity # );le,This is an intermediate module which provides an e+tra security features to

our newly developed system. This module is used to modify the cipher te+t

and to generate two e+tra keys. In the reverse process it regenerates the

original cipher te+t )@efer Fig;re"."< . 5efore the hiding process this module

works as follows/

#eparate the alphabets and digits from the cipher te+t.

Jeep track of the original position of the alphabet and the digits in the form

of a secret key )Jey K*.

#eparate first seven alphabets retrieved from first step and add the remaining

alphabets at the end of the separated digits as in the first step. This generates

the second key )Jey :*.


16/48

Fig "." Se7;rity # );le

Crypt # );le=Re*erse Pr 7ess


17/48

c* Two e+tra private generated keys for retrieving the original message.

".2 DISAD'ANTA E OF PROPOSED SYSTE#

igh Cost of Implementation

#ecurity can be breach since there is only two keys are require i.e public and

private key.

".? &USTIFICATION OF THE PROPOSED SYSTE#

5ased on the various benefits of the proposed system the system "ustification

encompass the cost of implementation even though the cost is high it will really

improve the process of developing a system that will reduce the rate at which

information are hacked and ensure the security of information that are sent.


18/48

CHAPTER THREE

SYSTE# DESI N

%.1 Syste> Design

#ystems design is the process of defining the architecture, components, modules,

interfaces, and data for a system to satisfy specified requirements . One could see it

as the application of systems theory to product development . There is some overlap

with the disciplines of systems analysis , systems architecture and systems

engineering . If the broader topic of product development =blends the perspective of

marketing, design, and manufacturing into a single approach to product

development,= then design is the act of taking the marketing information and

creating the design of the product to be manufactured. #ystems design is therefore

the process of defining and developing systems to satisfy specified requirements of

the user. ?ntil the GEE;s systems design had a crucial and respected role in the data

processing industry. In the GEE;s standardi&ation of hardware and software resulted

in the ability to build modular systems. The increasing importance of software

running on generic platforms has enhanced the discipline of software engineering .

Ob"ect'oriented analysis and design methods are becoming the most widely used

methods for computer systems design. The ?78 has become the standard
http://en.wikipedia.org/wiki/Datahttp://en.wikipedia.org/wiki/Systemhttp://en.wikipedia.org/wiki/Requirementhttp://en.wikipedia.org/wiki/Systems_theoryhttp://en.wikipedia.org/wiki/Product_developmenthttp://en.wikipedia.org/wiki/Systems_analysishttp://en.wikipedia.org/wiki/Systems_architecturehttp://en.wikipedia.org/wiki/Systems_engineeringhttp://en.wikipedia.org/wiki/Systems_engineeringhttp://en.wikipedia.org/wiki/Product_developmenthttp://en.wikipedia.org/wiki/Systemhttp://en.wikipedia.org/wiki/Requirementhttp://en.wikipedia.org/wiki/Data_processinghttp://en.wikipedia.org/wiki/Data_processinghttp://en.wikipedia.org/wiki/Standardizationhttp://en.wikipedia.org/wiki/Modularity_(programming)http://en.wikipedia.org/wiki/Software_engineeringhttp://en.wikipedia.org/wiki/Object-oriented_analysis_and_designhttp://en.wikipedia.org/wiki/Unified_Modeling_Languagehttp://en.wikipedia.org/wiki/Datahttp://en.wikipedia.org/wiki/Systemhttp://en.wikipedia.org/wiki/Requirementhttp://en.wikipedia.org/wiki/Systems_theoryhttp://en.wikipedia.org/wiki/Product_developmenthttp://en.wikipedia.org/wiki/Systems_analysishttp://en.wikipedia.org/wiki/Systems_architecturehttp://en.wikipedia.org/wiki/Systems_engineeringhttp://en.wikipedia.org/wiki/Systems_engineeringhttp://en.wikipedia.org/wiki/Product_developmenthttp://en.wikipedia.org/wiki/Systemhttp://en.wikipedia.org/wiki/Requirementhttp://en.wikipedia.org/wiki/Data_processinghttp://en.wikipedia.org/wiki/Data_processinghttp://en.wikipedia.org/wiki/Standardizationhttp://en.wikipedia.org/wiki/Modularity_(programming)http://en.wikipedia.org/wiki/Software_engineeringhttp://en.wikipedia.org/wiki/Object-oriented_analysis_and_designhttp://en.wikipedia.org/wiki/Unified_Modeling_Language


19/48

language in ob"ect'oriented analysis and design. It is widely used for modeling

software systems and is increasingly used for high designing non'software systems

and organi&ations.

%."O+@e7ti*es ( Design

The purpose of systems analysis and design is for a business to increase their

efficiency, because when you look at a current system you will see flaws that need

fi+ed and within the new system that you design you will take these into

consideration. ! new system will make the business more profitable. The

ob"ectives of this pro"ect are to be able to demonstrate the processes involve in the

application of cryptography in Information Technology for securing data

communication.


20/48

%.% #ain #en;

7ain 7enu/ $hich consist of a @ibbon with various tab

?sers !uthentication/ This handles the authentication of various users

that access the system

File 6ncryption/ This modules handle file encryption and decryption

Fig %.1 Crypt grap!i7 #ain #en;

Cryptography Main Menu

Data Encryption forSystem Setup

Decryption of Users That Log Into the

Encrypt &Decrypted UsersActivities and Fi es


21/48

%.-Inp;t ;tp;t Design

The input(output design specifies how data are entered and accepted by the system

for processing. The design specifies how the user interacts with the system to direct

the action to be taken. The types of input controls used are Te+tbo+es, Combo 5o+,

8ist 4iews and 7enus

Fig %." %ata 6ncryption ?sing Cryptography and ash Jey !lgorithmTechniques for both Te+t and Files of any Jind.


22/48

K.LO*erall Data Fl 4 Diagra>

Fig 3.3 Flow Diagram for the System

%.0 Alg rit!>s

P;+li7 5ey 7rypt grap!y

Public'key algorithms are asymmetric algorithms and, therefore, are based on the

use of two different keys, instead of "ust one. In public'key cryptography, the two

keys are called the private key and the public key


23/48

Pri*ate 5ey / This key must be known only by its owner.

P;+li7 5ey / This key is known to everyone )it is public *

Relati n +et4een + t! 5eys / $hat one key encrypts, the other one

decrypts, and vice versa. That means that if you encrypt something with my

public key )which you would know, because it9s public /'*, I would need my

private key to decrypt the message.

%.0.1 A se7;re 7 n*ersati n ;sing p;+li785ey 7rypt grap!y

In a basic secure conversation using public'key cryptography, the sender encrypts

the message using the receiver9s public key. @emember that this key is known to

everyone. The encrypted message is sent to the receiving end, who will decrypt the

message with his private key. Only the receiver can decrypt the message because

no one else has the private key. !lso, notice how the encryption algorithm is the

same at both ends/ what is encrypted with one key is decrypted with the other key

using the same algorithm.


24/48

Fig %.- 6ncryption !lgorithm Flow %iagram

%.0." Pr s an) 7 ns ( p;+li785ey syste>s

Public'key systems have a clear advantage over symmetric algorithms/ there is no

need to agree on a common key for both the sender and the receiver. !s seen in the

previous e+ample, if someone wants to receive an encrypted message, the sender

only needs to know the receiver9s public key )which the receiver will provide

publishing the public key in no way compromises the secure transmission*. !s long

as the receiver keeps the private key secret, no one but the receiver will be able to

decrypt the messages encrypted with the corresponding public key. This is due to

the fact that, in public'key systems, it is relatively easy to compute the public key

from the private key, but very hard to compute the private key from the public key

)which is the one everyone knows*. In fact, some algorithms need several months


25/48

)and even years* of constant computation to obtain the private key from the public

key.

Fig %./ Jey 1enerator


26/48

%. USE CASE DIA RA# FOR THE ENTIRE SYSTE#

SENDER

INTRUDER

RECIE'ER

Send Data to Users viaEmai or Fi e Transfer UsingFT! App ication

Data Encryption of Te"t andFi es #ith Secret $ey

Intruders that May Interceptdata Transfer

%o Access to a Third party$ey Access denied 'ecauseof strong cryptography

(eceive Message or ) es

Decrypt Fi es receive #itha !rivate $ey


27/48

%.2 C! i7e ( Pr gra>>ing $ang;age

7icrosoft 4isual 5asic.3et >;G; was used as the Front 6nd )?ser Interface

and my Programming 8anguage* tool because of its fle+ibility, bend ability

and very easy deploying application.


28/48

CHAPTER FOUR

SYSTE# I#P$E#ENTATION AND DOCU#ENTATION

-.1INTRODUCTIONThis is the coordination and controlling of the activities needed to put the

system in operation. The goal is to bring the proposed system to life. This

stage mainly involves installation of the hardware to support the system such

as the $eb #erver

The implementation of this system entails all those processes undertaken

from the conversion of the old system to the new system, final documents

compilation and users training. The overall system is user friendly i.e. it was

designed so that any level of user can easily use it without having any

problem.

-."SYSTE# RE9UIRE#ENTFor the effective running of the new system, the following are required a

client Operating #ystem/ ! server operating system such as $indows 4ista.

$indow H and above will host the application server that will contain the

files

7icrosoft %ot 3et Framework ).36T* :.;/ %ependencies used by the

!pplication resides here such as %ynamic 8inked 8ibraries )%88* files.


29/48

-.%PROCEDURE FOR SOFT3ARE INSTA$$ATION#teps to install the new system on a workstationG. Check if .36T :.; is installed by checking if this folder e+ists

=C/M$indowsM7icrosoft.36TMFrameworkMv:.;.K;KGE= )if not install

it*.>. %ouble Click on the setup.e+eK. Follow the $i&ard %ialog bo+ Instruction and click 3e+t.:. Click on Finish, when the software is completed.L. Open the !ll Program and click on Crypto.

-.-TESTIN

This is ensuring that the program runs as e+pected. Free of errors. The

system developed was not free of bugs. $e therefore employed the

following testing and debugging method to checks for errors.%esk Checking?nit TestingIntegration Testing!lpha Testing

5eta Testing

-.-.1 DESK CHECKINThis means reading through or checking the programs to make sure that it is

free from errors and that the logic works well )correctly* before it is entered

into the computer.

-.-." UNIT TESTINere the different modules are tested and the specifications produced

during design for the modules. ?nit Testing is essential for verification of


30/48

the goal and to test the internal logic of the modules. ?nit testing was

conducted to the different modules of the pro"ect. 6rrors were noted

down and corrected down immediately and the program clarity as

increased.

-.-.% INTE RATION TESTINIt is a systematic testing of constructing structure. !t the same time tests are

conducted to uncover errors associated with the interface. It need not be the

case, that software whose modules when run individually and showing

perfect results will also perfect results when run as a whole.

-.-.- A$PHA TESTIN#ome errors were not detected during desk checking, so we prepared some

test data with known output to test the program output if it tallies with the

e+pected result.

-.-./ BETA TESTINThis testing is done with real life data and real users. !t this stage, we tested

all possibilities that may lead to failure of the program. !fter testing of the

program and we are now sure that it is free from errors we proceeded to the

ne+t phase #ystem Implementation.

-./SYSTE# CON'ERSIONThis is the process of changing over from the old system of banking to the

new one secure method. There e+ist various conversion strategies, they

includePilot Conversion


31/48


32/48

This is defined as writing down the properties of the new system for

reference purpose. The design will be put in a file called #ystem

#pecification and it contains

%ata Input methods/ talking about the data required, data capture method,

data checking and control procedures.

%ata Output methods/ Information produced form the system whether

regular, e+ception or other reports.

-.2#AINTENANCE DETAI$S6very system out of usage will become out of sync with current trends and

cutting edge technologies. #ystem maintenance has to do with ad"usting and

improving the system performance, reliability, efficiency and effectiveness

through system audits, user feedback and periodic evaluation. It involves

updating and upgrading the system to keep pace with new products,

services, customer demand, and government regulations.

CHAPTER FI'ESU##ARY AND CONC$USION

/.1 SU##ARY


33/48

#torage systems are increasingly sub"ect to attacks. Cryptographic file systems

mitigate the danger of e+posing data by using encryption and integrity protection

methods and guarantee end'to'end security for their clients. This paper describes a

generic design for cryptographic file systems and its reali&ation in a distributed

storage'area network )#!3* file system. Jey management is integrated with the

meta'data service of the #!3 file system. The implementation supports file

encryption and integrity protection through hash trees. 5oth techniques have been

implemented in the client file system driver. $e also demonstrate that the overhead

is noticeable for some artificially constructed use cases, but that it is very small for

typical file system applications.

/." CONC$USION

The work accomplished during this pro"ect can be summari&ed with the following

points/ In this pro"ect we have presented a new system for the combination of

different cryptography algorithms using four keys which could be proven a highly

secured method for data communication in near future. #teganography, especially

combined with cryptography, is a powerful tool which enables people to

communicate without possible eavesdroppers even knowing there is a form of

communication in the first place. The main advantage of this #ystem is that the

method used for encryption, !6#, is very secure and the %CT transformation

#teganography techniques are very hard to detect.


34/48


35/48

%iaa, #.!.7, atem, 7.!.J and 7ohiy 7. . )>;G;*. 6valuating ThePerformance of #ymmetric 6ncryption !lgorithmsB International Journal of

Network Security, >;G;, G;)K*, pp.>GK'>GE

Figg. 5. )>;;:*. Cryptography and 3etwork #ecurity. Internet/http/(www.homepages.dsu.edu(figgw(CryptographyN>; N>;3etworkN>;#ecurity.ppt . 7arch G;G; .

Qakobsen T. and Jnudsen 8.@.. )>;;G*. !ttack on 5lock of Ciphers of 8ow!lgebraic %egree. Journal of Cryptography , 3ew Aork, 1 )K*, pp.GEH'>G;.

7ilenkovic 7.) GEE>.* !perating System" Concepts and #esign , 3ew Aork/7c1rew' ill, Inc.,

7oore 1.$.. )>;;G*. Cryptography 7ini'Tutorial. 8ecture notes ?niversity of 7aryland #chool of 7edicine. Internet/ http/((www.medparse.com(whatcryp.htm7arch G;;E .

@udolf %..)>;;E* %evelopment and !nalysis of 5lock Cipher and %6# #ystemB.Internet/ http/((www.cs.usask..ca(Rdtr:;;;,

$ang .. )>;;>*. #ecurity !rchitecture for The Teamdee #ystem. !n unpublished7#c Thesis submitted to Polytechnic Institution and #tate ?niversity, 4irginia,?#!.

Dimmermann P.@..) >;;E* !n Introduction to Cryptography. 1ermany/ 7IT press.!vailable/ http/((www.pgpi.org(doc(pgpintro, GEEL,

APPENDI: ASOURCE CODES

Imports System*Security*CryptographyImports System*Te"t

!u' ic C ass CryptoImp ements IDisposa' e

+(egion ,- o'a varia' es and initia i.ation,


36/48

/Add your g o'a varia' es here*

/Customi.e Su' %e# for your re0uirements*!u' ic Su' %e# 12

My3ase *%e#12End Su'

+End (egion

+(egion ,IDisposa' e imp ementation and re ated code,/%orma y this su' can 'e eft as is*!u' ic 4ver oads Su' Dispose12 Imp ements IDisposa' e *Dispose

Dispose1 True 2-C *SuppressFina i.e1 Me 2

End Su'

!rotected 4verrida' e 4ver oads Su' Dispose1 3y5a disposing As 3oo ean 2If disposing Then

/Free managed o'6ects*End If

/Free unmanaged o'6ects*/Set arge )e ds to nu *

End Su'

/%orma y this su' can 'e eft as is*!rotected 4verrides Su' Fina i.e12

Dispose1 Fa se 2End Su'

+End (egion

+(egion ,C ass speci)c code,!u' ic Event Crypto!rogress1 3y5a sender As 4'6ect 3y5a e As CryptoEventArgs 2!u' ic Event CryptoComp eted1 3y5a sender As 4'6ect 3y5a e As CryptoEventArgs 2

!u' ic Function 7ashStringTo3ase89String1 3y5a va ue As String 2 As String(eturn Me *7ashStringTo3ase89String1va ue %othing 2End Function

!u' ic Function 7ashStringTo3ase89String1 3y5a va ue As String 3y5a provider As 7ashA gorithm 2 As String

If va ue Is %othing 4rE se va ue : ,, Then Thro# %e# Argument%u E"ception 1,va ue, ,/va ue/ shou d not 'e %othing

1nu in C+2 or String*Empty*, 2End If

Dim 'ytes12 As 3yte

If provider Is %othing Then provider : %e# S7A;


37/48

!u' ic Function 7ashStringTo3yteArray1 3y5a va ue As String 3y5a provider As 7ashA gorithm 2 As 3yte 12



Dim 'ytes12 As 3yte

If provider Is %othing Then provider : %e# S7A;ey12 As 3yteDim memoryStream As I4*MemoryStreamDim cryptoStream As CryptoStreamDim header As StringDim output As String



If pass#ord Is %othing 4rE se pass#ord : ,, Then Thro# %e# Argument%u E"ception 1,pass#ord, ,/pass#ord/ shou d not 'e

%othing 1nu in C+2 or String*Empty*, 2End If

If provider Is %othing Then provider : %e# (i6ndae Managed

(eDim >ey1provider*Lega $eySi.es1?2*Ma"Si.e @ B Si.e : provider*Lega 3 oc>Si.es1?2*Ma"Si.e

pass#ord3ytes : Me *7ashStringTo3yteArray1pass#ord2Array *Copy1pass#ord3ytes >ey >ey*Length2

provider*$ey : >eyprovider*-enerateI512

header : Me *7ashStringTo3ase89String1 Convert *To3ase89String1pass#ord3ytes2& Convert *To3ase89String1provider*I522*!ad(ight1


38/48

If Type4f provider Is DESCryptoService!rovider Thenheader &: ,?12

output : header & Convert *To3ase89String1memoryStream*ToArray2

memoryStream*C ose12cryptoStream*C ear12provider*C ear12

(eturn outputEnd Function

!u' ic Function DecryptStringFrom3ase89String1 3y5a va ue As String 3y5a pass#ord As String 2 As String

Dim provider As SymmetricA gorithmDim pass#ord3ytes12 As 3yte

Dim >ey12 As 3yteDim memoryStream As I4*MemoryStreamDim cryptoStream As CryptoStreamDim output As String

If va ue Is %othing 4rE se va ue : ,, Then Thro# %e# Argument%u E"ception 1,va ue, ,/va ue/ shou d not 'e %othing 1nu in 532 orString*Empty*, 2

End If

If pass#ord Is %othing 4rE se pass#ord : ,, Then Thro# %e# Argument%u E"ception 1,pass#ord, ,/pass#ord/ shou d not 'e %othing 1nu in532 or String*Empty*, 2

End If

Se ect Case va ue*Su'string1=;9 =2Case ,?


39/48

End Se ect


pass#ord3ytes : Me *7ashStringTo3yteArray1pass#ord2

Array *Copy1pass#ord3ytes >ey >ey*Length2

provider*$ey : >eyprovider*I5 : Convert *From3ase89String1va ue*Su'string112

output : ASCIIEncoding *ASCII*-etString1memoryStream*ToArray2

memoryStream*C ose12cryptoStream*C ear12provider*C ear12


!u' ic Su' EncryptFi e1 3y5a inFi e As String 3y5a outFi e As String 3y5a pass#ord As String 2

Me *EncryptFi e1inFi e outFi e pass#ord %othing ?2End Su'

!u' ic Su' EncryptFi e1 3y5a inFi e As String 3y5a outFi e As String 3y5a pass#ord As

String 3y5a provider As SymmetricA gorithm 2Me *EncryptFi e1inFi e outFi e pass#ord provider ?2End Su'

!u' ic Su' EncryptFi e1 3y5a inFi e As String 3y5a outFi e As String 3y5a pass#ord As String 3y5a provider As SymmetricA gorithm 3y5a 'u erSi.e As Integer 2

Dim pass#ord3ytes12 As 3yteDim >ey12 As 3yteDim inStream As I4*Fi eStreamDim outStream As I4*Fi eStream


40/48

Dim cryptoStream As CryptoStreamDim position As LongDim ength As LongDim storage12 As 3yteDim 'ytes(ead As IntegerDim cea As CryptoEventArgsDim header As String

If 'u erSi.e : ? Then 'u erSi.e : =;8

If inFi e Is %othing 4rE se inFi e : ,, Then Thro# %e# Argument%u E"ception 1,inFi e, ,/inFi e/ shou d not 'e %othing


If outFi e Is %othing 4rE se outFi e : ,, Then Thro# %e# Argument%u E"ception 1,outFi e, ,/outFi e/ shou d not 'e




inStream : %e# I4*Fi eStream 1inFi e I4* Fi eMode *4pen I4* Fi eAccess *(eadI4*Fi eShare *%one 'u erSi.e G


41/48

If Type4f provider Is DESCryptoService!rovider Thenheader &: ,?ey12 As 3yteDim inStream As I4*Fi eStreamDim outStream As I4*Fi eStream


42/48

Dim cryptoStream As CryptoStreamDim position As LongDim ength As LongDim storage12 As 3yteDim 'ytes(ead As IntegerDim cea As CryptoEventArgsDim header1=;;2 As 3yteDim headerTe"t As String


If inFi e Is %othing 4rE se inFi e : ,, Then Thro# %e# Argument%u E"ception 1,inFi e, ,/inFi e/ shou d not 'e %othing


If outFi e Is %othing 4rE se outFi e : ,, Then Thro# %e# Argument%u E"ception 1,outFi e, ,/outFi e/ shou d not 'e




inStream : %e# I4*Fi eStream 1inFi e I4* Fi eMode *4pen I4* Fi eAccess *(eadI4*Fi eShare *%one 'u erSi.e G


43/48

End Se ect


pass#ord3ytes : Me *7ashStringTo3yteArray1pass#ord2

Array *Copy1pass#ord3ytes >ey >ey*Length2

provider*$ey : >eyprovider*I5 : Convert *From3ase89String1headerTe"t*Su'string112

cryptoStream*C ose12cryptoStream*C ear12outStream*C ose12inStream*C ose12

provider*C ear12

cea*EndTimeInterna : %o#(aiseEvent CryptoComp eted1 Me cea2cea*Dispose12

End Su'

!u' ic Function 7ashFi eTo3ase89String1 3y5a ) e As String 2 As String(eturn Me *7ashFi eTo3ase89String1) e %othing ?2


44/48

End Function

!u' ic Function 7ashFi eTo3ase89String1 3y5a ) e As String 3y5a provider As 7ashA gorithm 2 As String

(eturn Me *7ashFi eTo3ase89String1) e provider ?2End Function

!u' ic Function 7ashFi eTo3ase89String1 3y5a ) e As String 3y5a provider As 7ashA gorithm 3y5a 'u erSi.e As Integer 2 As String

Dim ) eStream As I4*Fi eStreamDim output As StringDim position As LongDim ength As LongDim storage12 As 3yteDim retStorage12 As 3yteDim 'ytes(ead As IntegerDim cea As CryptoEventArgs


If ) e Is %othing 4rE se ) e : ,, Then Thro# %e# Argument%u E"ception 1,) e, ,/) e/ shou d not 'e %othing 1nu

in C+2 or String*Empty*, 2End If

) eStream : %e# I4*Fi eStream 1) e I4* Fi eMode *4pen I4* Fi eAccess *(eadI4*Fi eShare *%one 'u erSi.e G


45/48

provider*C ear12

cea*EndTimeInterna : %o#(aiseEvent CryptoComp eted1 Me cea2cea*Dispose12


!u' ic Su' 4ver#riteFi e1 3y5a ) e As String 2Me *4ver#riteFi e1) e ? True 2

End Su'

!u' ic Su' 4ver#riteFi e1 3y5a ) e As String 3y5a 'u erSi.e As Integer 2Me *4ver#riteFi e1) e 'u erSi.e True 2

End Su'

!u' ic Su' 4ver#riteFi e1 3y5a ) e As String 3y5a de eteFi e As 3oo ean 2Me *4ver#riteFi e1) e ? de eteFi e2

End Su'

!u' ic Su' 4ver#riteFi e1 3y5a ) e As String 3y5a 'u erSi.e As Integer 3y5a de eteFi eAs 3oo ean 2

Dim ) eStream As I4*Fi eStreamDim position As LongDim ength As LongDim storage12 As 3yteDim cea As CryptoEventArgsDim ) es As Fi esDim random%um'er-enerator As (andom%um'er-enerator


If ) e Is %othing 4rE se ) e : ,, Then

Thro# %e# Argument%u E"ception 1,) e, ,/) e/ shou d not 'e %othing 1nuin C+2 or String*Empty*, 2End If

If de eteFi e Then) es : %e# Fi es) eStream : ) es*4penFi eForSecure4ver#rite1) e2

E se) eStream : %e# I4*Fi eStream 1) e I4* Fi eMode *4pen I4* Fi eAccess * rite

I4*Fi eShare *%one 'u erSi.e2End If

If ) eStream Is %othing Then Thro# %e# I4*I4E"ception 1,The ) e cou d not 'e opened for over#riting*, 2

End If random%um'er-enerator : random%um'er-enerator*Create

(eDim storage1'u erSi.e G


46/48

cea*3ytesTota Interna : ength

hi e position H engthIf ength B position H storage*Length Then

(eDim storage1 Convert *ToInt =1 ength B position B


47/48

C(EATEJAL A S : =4!E%JE ISTI%- : 4!E%JALA S : 9

T(U%CATEJE ISTI%- : ;End Enum

!rivate Enum F agsAndAttri'utesFILEJFLA-J (ITEJT7(4U-7 : &7 ???????FILEJFLA-J45E(LA!!ED : &79???????FILEJFLA-J%4J3UFFE(I%- : &7=???????FILEJFLA-J(A%D4MJACCESS : &7


48/48

Cryptography in IT

Documents