Cryptography
A Tutorial on Cryptography
By: Er. Chetan Goyal
Contact for more tutorials on other topics of ethical
hacking
chetangoyal36@Hotmail.com
chetangoyal36@gmail.com
Or visit
www.windowwares.blogspot.com
Cryptography
• This module includes
 Related terms
 Symmetric key cryptography
 Asymmetric Key cryptography
 PKI and Digital signatures
 Demonstration: how SSL works..
Cipher
• Cipher is the actual algorithm.
• We can use cipher and algorithm
interchangeably.
More definitions
• Cryptosystem
• Encompasses all of the necessary components
of encryption and decryption
» Software
» Protocols
» Algorithms
• Plain text – readable data
• Cipher text – encrypted data
Caesar Cipher
• Julius Caesar, 49 BC
– Securely communicate with friends
• Simple Substitution cipher
– Shift alphabet 3 characters.
Caesar Cipher Example
• Substitution
Plaintext: ET TU BRUTE
Shift algorithm: 3 characters
Cipher text: HW WX EUXWH
Symmetric Encryption
• Single key
– Shared secret
• Examples
– Data Encryption Standard (DES)
» Block cipher, 56-bit key
» Triple DES, 112-bit key
– Advanced Encryption Standard (AES)
» Rijndael algorithm
» Belgian cryptographers Joan Daemen and Vincent Rijmen
» 128-, 192- and 256-bit keys
Symmetric Key Encryption
• Symmetric key encryption is based on
substitution and transposition
• Each algorithm consists of many substitution
and transposition “rounds”
• Symmetric key encryption is mostly used
for bulk or mass encryption.
Key and Algorithm Relationship
• An algorithm consists of many static equations
(functions), or rounds; these rounds are
basically mathematical formulas –
substitution and transposition.
• The key decides which functions or blocks are
used, in what order and with what values, to
encrypt or decrypt data.
Key Size
• Does key size really matter?
• Why and how
• Key space – the total number of possible keys,
set by the number of bits available for key generation
• So for 64 bits we have 2^64 possible keys.
• For 128 bits we have 2^128.
• So the larger the key space, the more
values an attacker has to brute-force.
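The Caesar example and the key-size argument above, worked through as an added example (not part of the original slides): the shift cipher has only 26 possible keys, so trying all of them is immediate, while the time to try every key grows as 2^bits. The rate of 10^12 keys per second is an assumption chosen only to give a sense of scale.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift each letter by `shift` positions; leave spaces and punctuation alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def recover_shift(ciphertext, known_word):
    """Walk the whole Caesar key space (26 keys) and return the shift
    whose decryption contains known_word, or None if no shift does."""
    for shift in range(26):
        if known_word in caesar(ciphertext, -shift):
            return shift
    return None


SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATE = 1e12  # keys tested per second (assumption, for scale only)


def years_to_exhaust(key_bits, keys_per_second=ASSUMED_RATE):
    """Years needed to try every key in a key space of 2**key_bits keys."""
    return (2 ** key_bits) / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ciphertext = caesar("ET TU BRUTE", 3)
    print("cipher text:", ciphertext)
    print("shift found by trying all 26 keys:", recover_shift(ciphertext, "BRUTE"))
    for bits in (56, 64, 128, 256):
        print(f"{bits:3d}-bit key space: {years_to_exhaust(bits):.3g} years to exhaust")
```

At the assumed rate a 56-bit key space is exhausted in under a day, while a 128-bit key space takes on the order of 10^19 years.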
Types of Symmetric Cipher
• Block cipher – text is divided into blocks,
and each block is encrypted individually
• E.g.: AES, DES, 3DES etc.
• Stream cipher – a stream is used instead of
blocks; the encrypting and decrypting ends
must stay synchronized
• E.g.: RC4, RC5
Symmetric Encryption Example
[Diagram: Alice → encrypt → ciphertext → decrypt → Bob. Bob recovers the same plaintext that Alice encrypted.]
Plaintext: "Dear Bob: How about coming over to my place at 1:30? Love, Alice"
Symmetric cipher downfalls
• Key management
• Does not provide non-repudiation and digital
signature facilities
Asymmetric Key Cryptography
• Two mathematically related keys
– Unable to derive one from the other
– Encrypt with one – decrypt with other
• Public Key Cryptography
– One (public) key published for all to see
– Other (private) key kept secret
• Algorithms
– RSA - Integer Factorization (large primes)
– Diffie-Hellman - Discrete Logarithms
– ECES - Elliptic Curve Discrete Logarithm
Asymmetric Encryption Example
[Diagram: Mohan → encrypt (Jagmohan's public key) → ciphertext → decrypt (Jagmohan's private key) → Jagmohan.]
Plaintext: "Dear Carol: I think Alice is having an affair with Bob. I need to see you right away. Love, Ted"
Asymmetric Advantages
• No shared secret key
• Public key is public
– Can be freely distributed or published
– Key management is much easier
• Private key known ONLY to owner
– Less vulnerable, easier to keep secret
• Supports Non-repudiation
– Sender cannot deny sending the message
Asymmetric Disadvantage
• 1000 times slower than symmetric
encryption, so it can’t be used for bulk encryption.
Non-repudiation
• Since only the sender knows their private
key, only the sender could have sent the
message.
• Authentication mechanism
• Basis for Digital Signature
Hash Function
• Hash functions are like CRC functions but
are more than CRC (mathematically)
• Hashes provide an integrity check
• Hash functions generate fingerprints for
given data; a small change to the data results
in a completely different fingerprint (non-guessable)
• When a hash function generates the same
fingerprint for different data, it is known as a
collision or birthday attack
• Hash functions are one-way functions
Examples of Hash Functions
• MD5
• SHA-1
• SHA-256
Digital Signature
• Combines one-way secure hash functions
with public key cryptography
– Hash function generates fixed length value
– No two documents produce the same hash
value
– Secure Hash Algorithm 1 (SHA-1)
• Characteristics
– Data Integrity - hash value
– Non-repudiation – encrypted with private
key
– Does NOT provide confidentiality
Digital Signature Creation
[Diagram: Sue's message → hash function → hash value (0F47CEFF AE0317DB AA567C29) → encrypt with Sue's private key → digital signature.]
Message: "Dear Mr. Ted: We have asked the Court to issue a restraining order against you to stay away from Carol. Sincerely, Sue Yew, Dewey, Cheatam & Howe, Law Firm"
Digital Signature Validation
[Diagram: the digital signature is decrypted with Sue's public key to recover a hash value (0F47CEFF AE0317DB AA567C29); the received message is hashed to give a second hash value (0F47CEFF AE0317DB AA567C29).]
Signature is valid if the two hashes match
Source of Public Key
• Can be on a server (common server)
• With PGP - embedded into mail
But
• How do you know for sure who is the
owner of a public key?
Public Key Infrastructure
• Public Key Infrastructure (PKI) provides
the means to bind public keys to their
owners and helps in the distribution of
reliable public keys in large heterogeneous
networks. (NIST)
Public Key Certificates
• Digital Certificates
– Binds a public key to its owner
– Issued and digitally signed by a trusted third
party
– Like an electronic photo ID
• Follows X509 V3 standard – RFC 2459
X509 V3 Basic Fields
• Owner's X.500 distinguished name (DN)
– C=US;O=GOV;O=NIH;OU=CIT;CN=Mark Silverman
• Owner's public key
• Validity period
• Issuer's X.500 distinguished name
PKI Components
• Certification Authority (CA)
• Registration Authority (RA)
• Repository
• Archive
• Users
Certification Authority (CA)
• TRUSTED third party
• Issues Certificates
– Creates and signs them
– Publishes current certificates
• Issues Certificate Revocation Lists (CRLs)
– List of invalid (revoked) certificates
– Online Certificate Status Protocol (OCSP)
• Maintains archives of status information
• May retain copy of data encryption private
key, for purposes of key recovery
– government requirement
Registration Authority (RA)
• Verify certificate contents for CA
– Identity proofing
– RA's public key known to CA
• A CA may have multiple RAs
Certificate Policy (CP)
• A high level document that describes the
security policy for issuing certificates and
maintaining certificate status information.
• Describes operation of the CA.
• Defines user's responsibilities for requesting,
using and handling certificates and keys.
Certification Practice Statements (CPS)
• A highly detailed document that describes
how a CA implements a specific CP.
• Specifies the mechanisms and procedures
that are used to achieve the security policy.
• Effectively the CA's operations manual.
Conclusion
• Enabling technology for E-Gov
– Data Confidentiality
– Data Integrity
– Non-repudiation
• Technology is complicated
– But not unmanageable
• Difficulty is in establishing trust
– 20% technology – 80% policy