ENCRYPTION : THE ART OF CRYPTOGRAPHY

Introduction:

Cryptography is a Method of Storing and transferring data by Encoding it into a Unreadable format Where No one can Understand the actual Approach of the Message. In This Tutorial, We’ ll learn about Various Cryptographic Functions used in real time Applications.

The Main FrameWork of the Cryptography:

PlainMessage — Encryption — CipherMessage— Decryption — PlainMessage

Man In The Middle Attack:

It is a Attack where a Hacker interrupts the existing communication of a PC (user) and Web Server (website) and gain access to the Private information that are exchanged between them.

In Cryptography, fictional characters are often used to decribe the Principle of the Attack. Here, I would like to demonstrate this attack with Alice & Bob (Often used for Sender/Reciever) and Mallet ( a malicious attacker).

Consider Alice and Bob each exchanging and transferring informations to themselves. Mallet comes in to the middle of the communication without their Knowledge, and starts to encrypt and read all the information. Here, the attacker try to gain data from the two Parties.

Actual Vs Interrupt Communication
A Typical Example:
Bob sends a data to Alice, mallet encrypts the data and he alters the data before it is received to Alice. Now Alice receives the Altered data sent by Mallet, thinking that the data was actually Sent by Bob. In reply Alice shares her data, which is noticed by Mallet, and Yes! There occurs a Mutual Attack.

So Let’s Look quickly on how hackers secretly monitor a Communication / Network.


“Does this mean that the tutorial intends to teach a individual how to hack someone else’s System? The Answer Will be YES! because If you don’t hack your Own system, then who else Will ? If you don’t Know what it is You will never Know How to Prevent from it. Hackers use Several vulnerable tools to perform MITM Attack.“

One of the Most common Tools used for exploiting this attack is WireShark. Here is a Step-by Procedure for a WireShark Attack

  1. Download and install WireShark , a open source software which is used to troubleshoot and analyse network protocol.
  2. go to Capture — > Start option from menu
  3. Type FTP at the filter option to filter FTP connections
  4. Now Find the UserName and password and Target victim’s FTP Account
Sniffing Victim’s FTP Account

CounterMeasures:

  1. The Best defense Technique to prevent these sniffing is to build a Strong Encryptions.
  2. Never Use the Open Wifi Routers. This Would be a Cake walk for Hackers.
  3. Avoid Using http Protocols , Use Browser plugin such as ForceTLS

The Attack Mentioned above can be only implemented when the key for Encryption is same as the key for decryption.This is called Symmetric Encryption.

This Man in the Middle Attack can be completely Prevented by “ Public — Private Cryptography “ in which it uses one Key for Encryption and Another Key for Decryption. This is called Asymmetric Encryption.

RSA Encryption & its Mystery

RSA Encryption follows Public — Private Cryptography Method in which the given message is Encrypted in One key(Public key) that can be Only decrypted with the same Pair of Other Key (Private Key).

Public Key — Shared to Everyone
Private Key — Kept Private

This Method Implies on the Mystery of Prime Numbers, which means there is no largest prime number still. RSA Algorithm is based on a combinations of Possible Largest Prime Number.

  1. Consider P and Q as two Largest Random Prime Number. Multiply these prime numbers to get a Product N
  2. Choose Another Random Number ‘e’ for which (P-1) * ( Q-1) is Co Prime to the number ‘e’.
  3. Consider a Number D as the modular inverse of ‘e’
  4. Form Public Key ( N, e ) & Private Key ( N, D)
Relationship : D = 1 / e ( 1 mod (P-1) * ( Q-1) )

Encryption with Python:

We need Some Modules to access those methods. Import sys, os, rabinMiller, random, cryptograph Modules

import random, math, rabinMiller, cryptomath

First Create Random Prime Numbers P and Q (should be Much Larger ). For this We call methods already defined in rabinMiller.py. This Method is used to return the largest possible prime number for a Key-bit (say 1024). Assign the return Value to Variables P and Q.

# Here, k is Considered to be 1024

P = rabinmiller.generatePrimeNumber(k)
Q = rabinmiller.generatePrimeNumber(k)
N = P* Q

Multiply the P and Q to get a Product N. Next, We have to create a Random Prime Number ‘e’ that is co-prime to P-1 * Q-1. To choose a Random Number use randrange from random module.


random.randrange( range Start_Pos, range End_Pos, Increment)

# increment is Optional


e = random.randrange(2 ** (k-1), 2 ** (k))
if cryptomath.gcd(e, (P -1) * (Q -1)) == 1:
break

#Selecting Range from 2¹⁰²³ to 2¹⁰²⁴.

Euclid’s GCD Algorithm is used here from cryptomath module for the Number e and (P -1) * (Q -1). if It is True then break the statement. Now Find the inverse of the e to be stored in D.

D = cryptomath.findModInverse(e, (P — 1) * (Q — 1))

Here, Extended Euclidean Algorithm is used in which findModInverse(a,b) is already defined in cryptomath module. Finally, Return the Values in two tuples namely PublicKey and PrivateKey. and Thats it !

PublicKey=( N, e )
PrivateKey=( N, D )
return ( PublicKey, PrivateKey )

RSA Encryption Keeps the Internet Secured and Safe and it is used still now for secure data transmission. It is widely used in Modern Digitial Signatures.

When you are Visiting a Website and its address is likely to be Starting with https:// then RSA cryptosystem is used there to Validate the Certificates.

SSL Certificates, are Provided for Every Website if it practices a effective Communication between a Web Server and PC’s.

Conclusion:

The Above Mentioned RSA Algorithms is just One of the Fragment in Encryption. It can be Implemented in pycrypto Module more wisely.

Hope You Have Understood About the Cryptographic Encryptions. We cannot Assure that Every Cryptographic Algorithm is always Secured! What can go Wrong, Will Always go Wrong. So Better Stay Safe and Secured.

Thanks !