SlideShare a Scribd company logo

cryptography.pptcryptography.pptcryptography.ppt

Download as PPT, PDF
S
ssuserc7a853

cryptography.ppt

Education
1 of 31
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Secure Communication - Cryptography
• Well established needs for secure communication – War time communication – Business transactions – Illicit Love Affairs • Requirements of secure communication 1. Secrecy – Only intended receiver understands the message 2. Authentication – Sender and receiver need to confirm each others identity 3. Message Integrity – Ensure that their communication has not been altered, either maliciously or by accident during transmission Secure Communication
• Cryptography is the science of secret, or hidden writing • It has two main Components: 1. Encryption – Practice of hiding messages so that they can not be read by anyone other than the intended recipient 2. Authentication – Ensuring that users of data/resources are the persons they claim to be and that a message has not been surreptitiously altered Cryptography
• Cipher is a method for encrypting messaged • Encryption algorithms are standardized & published • The key which is an input to the algorithm is secret – Key is a string of numbers or characters – If same key is used for encryption & decryption the algorithm is called symmetric – If different keys are used for encryption & decryption the algorithm is called asymmetric Encryption - Cipher Plain Text Encryption Algorithm Key A Key B Cipher Text Plain Text Decryption Algorithm
• Algorithms in which the key for encryption and decryption are the same Cryptography is the – Example: Caesar Cipher • Types: 1. Block Ciphers – Encrypt data one block at a time (typically 64 bits, or 128 bits) – Used for a single message 2. Stream Ciphers – Encrypt data one bit or one byte at a time – Used if data is a constant stream of information Encryption - Symmetric Algorithms
• Strength of algorithm is determined by the size of the key – The longer the key the more difficult it is to crack • Key length is expressed in bits – Typical key sizes vary between 48bits and 448 bits • Set of possible keys for a cipher is called key space – For 40-bit key there are 240 possible keys – For 40-bit key there are 2128 possible keys – Each additional bit added to the key length doubles the security • To crack the key the hacker has to use brute-force (i.e. try all the possible keys till a key that works is found) – Super Computer can crack a 56-bit key in 24 hours – It will take 272 times longer to crack a 128-bit key (Longer than the age of the universe) Symmetric Encryption – Key Strength
• Caesar Cipher is a method in which each letter in the alphabet is rotated by three letters as shown Symmetric Algorithms – Caesar Cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • Let us try to encrypt the message – Attack at Dawn Assignment: Each student exchange a secret message with their closest neighbor about some other person in the class and the neighbor will decipher it.
Symmetric Algorithms - Caesar Cipher Encryption Plain Text Message: Attack at Dawn Cipher Text Message: Dwwdfn Dw Gdyq Cipher: Caesar Cipher Algorithm Key (3) Decryption Plain Text Message: Attack at Dawn Cipher Text Message: Dwwdfn Dw Gdyq Cipher: Caesar Cipher Algorithm Key (3) How many different keys are possible?
• Any letter can be substituted for any other letter – Each letter has to have a unique substitute • There are 26! pairing of letters (~1026 ) • Brute Force approach would be too time consuming – Statistical Analysis would make it feasible to crack the key Symmetric Algorithms - Monoalphabetic Cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z M N B V C X Z A S D F G H J K L P O I U Y T R E W Q Encrypted Message: Nkn, s gktc wky. mgsbc Message: Bob, I love you. Alice Cipher: Monoalphabetic Cipher Key
• Developed by Blaise de Vigenere – Also called Vigenere cipher • Uses a sequence of monoalpabetic ciphers in tandem – e.g. C1, C2, C2, C1, C2 • Example Symmetric Algorithms - Polyalphabetic Cipher Encrypted Message: Gnu, n etox dhz. tenvj Message: Bob, I love you. Alice Cipher: Monoalphabetic Cipher Key Plain Text A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C1(k=6) F G H I J K L M N O P Q R S T U V W X Y Z A B C D E C1(k=20) T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
• Goal of DES is to completely scramble the data and key so that every bit of cipher text depends on every bit of data and ever bit of key • DES is a block Cipher Algorithm – Encodes plaintext in 64 bit chunks – One parity bit for each of the 8 bytes thus it reduces to 56 bits • It is the most used algorithm – Standard approved by US National Bureau of Standards for Commercial and nonclassified US government use in 1993 • Cracking the DES code – In 1997 it was cracked in 140 days – In 1999 it was cracked in 14 hours • To improve security Triple-DES has been created – It uses the DES algorithm multiple times in tandem Data Encryption Standard (DES)
• Any exposure to the secret key compromises secrecy of ciphertext • A key needs to be delivered to the recipient of the coded message for it to be deciphered – Potential for eavesdropping attack during transmission of key Symmetric Encryption – Limitations
• Uses a pair of keys for encryption – Public key for encryption – Private key for decryption • Messages encoded using public key can only be decoded by the private key – Secret transmission of key for decryption is not required – Every entity can generate a key pair and release its public key Asymmetric Encryption Plain Text Cipher Public Key Private Key Cipher Text Plain Text Cipher
• Two most popular algorithms are RSA & El Gamal – RSA • Developed by Ron Rivest, Adi Shamir, Len Adelman • Both public and private key are interchangable – El Gamal • Developed by Taher ElGamal • Potential for eavesdropping attack during transmission of key • Efficiency is lower than Symmetric Algorithms – A 1024-bit asymmetric key is equivalent to 128-bit symmetric key Asymmetric Encryption
• Slow compared to symmetric Encryption • It is problematic to get the key pair generated for the encryption. • Vulnerable to man-in-the-middle attack – Hacker could generate a key pair, give the public key away and tell everybody, that it belongs to somebody else. Now, everyone believing it will use this key for encryption, resulting in the hacker being able to read the messages. If he encrypts the messages again with the public key of the real recipient, he will not be recognized easily. Asymmetric Encryption - Weaknesses Bob David Bob’s Message + Public key Cipher David’s Public Key Trudeau (Middle-man) Trudeau’s Message + public key Cipher Trudeau’s Public Key Bob’s Encrypted Message Trudeau’s Encrypted Message David’s Message + public key Cipher Trudeau’s Encrypted Message Bob’s Public Key Trudeau’s New Message + public key Cipher Trudeau’s Encrypted Message David’s Public Key
• Used to improve efficiency – Symmetric key is used for encrypting data – Asymmetric key is used for encrypting the symmetric key Asymmetric Encryption – Session-Key Encryption Plain Text Cipher (DES) Session Key Recipient’s Public Key Cipher Text Encrypted Key Cipher (RSA) Send to Recipient
• Pretty Good Privacy (PGP) – Used to encrypt e-mail using session key encryption – Combines RSA, TripleDES, and other algorithms • Secure/Multipurpose Internet Mail Extension (S/MIME) – Newer algorithm for securing e-mail – Backed by Microsoft, RSA, AOL • Secure Socket Layer(SSL) and Transport Layer Socket(TLS) – Used for securing TCP/IP Traffic – Mainly designed for web use – Can be used for any kind of internet traffic Asymmetric Encryption – Encryption Protocols
• Key agreement is a method to create secret key by exchanging only public keys. • Example – Bob sends Alice his public key – Alice sends Bob her public key – Bob uses Alice’s public key and his private key to generate a session key – Alice uses Bob’s public key and her private key to generate a session key – Using a key agreement algorithm both will generate same key – Bob and Alice do not need to transfer any key Asymmetric Encryption – Key Agreement Cipher (DES) Session Key Cipher (DES) Bob’s Public Key Alice’s Public Key Bob’s Private Key Alice’s Private Key Alice and Bob Generate Same Session Key!
Diffie-Hellman Mathematical Analysis Bob & Alice agree on non-secret prime p and value a Generate Secret Random Number x Compute Public Key ax mod p Compute Public Key (ay )x mod p Generate Secret Random Number y Compute Public Key ay mod p Compute Public Key (ax )y mod p Bob Alice Identical Secret Key Bob & Alice exchange public keys
• Diffie-Hellman is the first key agreement algorithm – Invented by Whitfield Diffie & Martin Hellman – Provided ability for messages to be exchanged securely without having to have shared some information previously – Inception of public key cryptography which allowed keys to be exchanged in the open • No exchange of secret keys – Man-in-the middle attack avoided Asymmetric Encryption – Key Agreement contd.
• Authentication is the process of determining the authenticity of a message or user. • Two types of authentication: – Authentication of the identity presented by a remote or application participating in a session – Authentication of the sender’s identity is presented along with a message. Authentication
• Use of secret character string only known to user and server • Problems with password based authentication: – Attacker learns password by social engineering – Attacker cracks password by brute-force and/or guesswork – Eavesdrops password if it is communicated unprotected over the network – Replays an encrypted password back to the authentication server Authentication – Password Based
• Set of rules that governs the communication of data related to authentication between the server and the user • Techniques used to build a protocol are – Transformed password • Password transformed using one way function before transmission • Prevents eavesdropping but not replay – Challenge-response • Server sends a random value (challenge) to the client along with the authentication request. This must be included in the response • Protects against replay – Time Stamp • The authentication from the client to server must have time-stamp embedded • Server checks if the time is reasonable • Protects against replay • Depends on synchronization of clocks on computers – One-time password • New password obtained by passing user-password through one-way function n times which keeps incrementing • Protects against replay as well as eavesdropping Authentication Protocols
Authentication – Kerberos
• Personal Tokens are hardware devices that generate unique strings that are usually used in conjunction with passwords for authentication • Different types of tokens exist – Storage Token: A secret value that is stored on a token and is available after the token has been unlocked using a PIN – Synchronous one-time password generator: Generate a new password periodically (e.g. each minute) based on time and a secret code stored in the token – Challenge-response: Token computes a number based on a challenge value sent by the server – Digital Signature Token: Contains the digital signature private key and computes a computes a digital signature on a supplied data value • A variety of different physical forms of tokens exist – e.g. hand-held devices, Smart Cards, PCMCIA cards, USB tokens Authentication – Personal Tokens
• Uses certain biological characteristics for authentication – Biometric reader measures physiological indicia and compares them to specified values – It is not capable of securing information over the network • Different techniques exist – Fingerprint Recognition – Voice Recognition – Handwriting Recognition – Face Recognition – Retinal Scan – Hand Geometry Recognition Authentication – Biometrics
• Probability of two irises producing exactly the same code: 1 in 10 to the 78th power • Independent variables (degrees of freedom) extracted: 266 • IrisCode record size: 512 bytes • Operating systems compatibility: DOS and Windows (NT/95) • Average identification speed (database of 100,000 IrisCode records): one to two seconds Authentication – Iris Recognition The scanning process takes advantage of the natural patterns in people's irises, digitizing them for identification purposes Facts
• A message digest is a fingerprint for a document • Purpose of the message digest is to provide proof that a document has not been tampered with. • Hash functions used to generate message digests are one way functions that have following properties – It must be computationally infeasible to reverse the function – It must be computationally infeasible to construct two messages which which hash to the same digest • Some of the commonly used hash algorithms are – MD5 – 128 bit hashing algorithm by Ron Rivest of RSA – SHA & SHA-1 – 162 bit hashing algorithm developed by NIST Authentication – Message Digests
• A digital signature is a data item which accompanies or is logically associated with a digitally encoded message. • It has two goals – A guarantee of the source of the data – Proof that the data has not been tampered with • A digital signature is created with a persons private key and verified by their public key Authentication – Digital Signatures Message Sent to Receiver Digest Algorithm Digital Signature Sent to Receiver Message Digest Sender’s Private Key Sender’s Public Key Message Digest Signature Algorithm Signature Algorithm Digest Algorithm Message Digest Sender Receiver Same?
• A digital certificate is a signed statement by a trusted party that another party’s public key belongs to them. – This allows one certificate authority to be authorized by a different authority (root CA) • Top level certificate must be self signed • Any one can start a certificate authority – Name recognition is key to some one recognizing a certificate authority – Verisign is industry standard certificate authority Authentication – Digital Certificates Identity Information Certificate Authority’s Private Key Sender’s Public Key Signature Algorithm Certificate
• Chaining is the practice of signing a certificate with ainother private key that has a certificate for its public key – Similar to the passport having the seal of the government • It is essentially a person’s public key & some identifying information signed by an authority’s private key verifying the person’s identity • The authorities public key can be used to decipher the certificate • The trusted party is called the certificate authority Authentication – Certificate Chaining Certificate Authority’s Private Key Signature Algorithm New Certificate Certificate

More Related Content

PPT
Introduction to cryptography and Network Security
DhanapalM8
 
PDF
Fundamentals of Cryptography: Securing Data in the Digital Age
avengersimran16
 
PPT
CryptographyCryptographyCryptography.ppt
AntareepMajumder
 
PPT
Computer systems security 7-cryptography.ppt
stephen972973
 
PPT
cryptography.ppt
AkshayaPriyaJanartha
 
PPT
9-crypthvvy6u7btyjibuibuibryjijighhnm.ppt
vikashbharati917
 
PPT
Computer security communication networking cryptography .ppt
tipurple7989
 
PPT
introduction to cryptography and its basic techniques
AneelSoomro1
 
Introduction to cryptography and Network Security
DhanapalM8
 
Fundamentals of Cryptography: Securing Data in the Digital Age
avengersimran16
 
CryptographyCryptographyCryptography.ppt
AntareepMajumder
 
Computer systems security 7-cryptography.ppt
stephen972973
 
cryptography.ppt
AkshayaPriyaJanartha
 
9-crypthvvy6u7btyjibuibuibryjijighhnm.ppt
vikashbharati917
 
Computer security communication networking cryptography .ppt
tipurple7989
 
introduction to cryptography and its basic techniques
AneelSoomro1
 

Similar to cryptography.pptcryptography.pptcryptography.ppt (20)

PPT
computer literacy works papers and pencil ew 9-crypt.ppt
dumaguitlouie4
 
PPT
9-crypt.ppt9-crypt.ppt9-crypt.ppt9-crypt.ppt
ssuserc7a853
 
PPT
Chaos based cryprography - encryption & hash function
ssuser478d0e
 
PPT
7-cryptography in mobile security in network
AbdullahOmar704132
 
PPT
Introduction to Cryptography and its Basic Fundamentals
Chinfeliprada1
 
PPT
Crytography CertCourse Module 1 & 2.ppt
MuhammadShajid1
 
PPT
7-cryptography.ppt
Ghamdan5
 
PPT
RSA.ppt
LakshayYadav46
 
PPT
7-cryptography.pptfffffffffffffffffffffffffffffffffff
maninthemirrorrror
 
PPT
7-cryptography.ppt
RaghavRathi40
 
PPT
the art of the fking dum crypto_basic.ppt
jamkhan10
 
PPT
7-cryptography.ppt
akamkhalidmohammed
 
PPT
This is the presentation ofcryptography.ppt
vimalguptaofficial
 
PPT
Best book for the cryptography doctor.ppt
nicolausalex722
 
PPT
detailed presentation on cryptography analysis
BARATH800940
 
PPT
7 cryptography
Upinder Kaur
 
PPT
Cryptography - Overview
Mohammed Adam
 
PPT
encryptcryptographyyyyyyyyyyyyyyyyyy.ppt
SnehaPavithran6
 
PPTX
IANSunit 1_cryptography_2.pptxv xvxvxvxv
zmulani8
 
PPTX
Information system security Unit 2.pptx
Dr. Pallawi Bulakh
 
computer literacy works papers and pencil ew 9-crypt.ppt
dumaguitlouie4
 
9-crypt.ppt9-crypt.ppt9-crypt.ppt9-crypt.ppt
ssuserc7a853
 
Chaos based cryprography - encryption & hash function
ssuser478d0e
 
7-cryptography in mobile security in network
AbdullahOmar704132
 
Introduction to Cryptography and its Basic Fundamentals
Chinfeliprada1
 
Crytography CertCourse Module 1 & 2.ppt
MuhammadShajid1
 
7-cryptography.ppt
Ghamdan5
 
RSA.ppt
LakshayYadav46
 
7-cryptography.pptfffffffffffffffffffffffffffffffffff
maninthemirrorrror
 
7-cryptography.ppt
RaghavRathi40
 
the art of the fking dum crypto_basic.ppt
jamkhan10
 
7-cryptography.ppt
akamkhalidmohammed
 
This is the presentation ofcryptography.ppt
vimalguptaofficial
 
Best book for the cryptography doctor.ppt
nicolausalex722
 
detailed presentation on cryptography analysis
BARATH800940
 
7 cryptography
Upinder Kaur
 
Cryptography - Overview
Mohammed Adam
 
encryptcryptographyyyyyyyyyyyyyyyyyy.ppt
SnehaPavithran6
 
IANSunit 1_cryptography_2.pptxv xvxvxvxv
zmulani8
 
Information system security Unit 2.pptx
Dr. Pallawi Bulakh
 
Ad

Recently uploaded (20)

DOCX
pgdei-UNIT -V Neurological Disorders & developmental disabilities
JELLA VISHNU DURGA PRASAD
 
PPTX
Basics and rules of probability with real-life uses
ravatkaran694
 
PPTX
20250924 Navigating the Future: How to tell the difference between an emergen...
McGuinness Institute
 
PDF
What is CFA?? Complete Guide to the Chartered Financial Analyst Program
sp4989653
 
PPTX
How to Manage Leads in Odoo 18 CRM - Odoo Slides
Celine George
 
PPTX
CONCEPT OF CHILD CARE. pptx
AneetaSharma15
 
PDF
Virat Kohli- the Pride of Indian cricket
kushpar147
 
PPTX
family health care settings home visit - unit 6 - chn 1 - gnm 1st year.pptx
Priyanshu Anand
 
PPTX
HEALTH CARE DELIVERY SYSTEM - UNIT 2 - GNM 3RD YEAR.pptx
Priyanshu Anand
 
PPTX
Care of patients with elImination deviation.pptx
AneetaSharma15
 
PPTX
Python-Application-in-Drug-Design by R D Jawarkar.pptx
Rahul Jawarkar
 
PPTX
Cleaning Validation Ppt Pharmaceutical validation
Ms. Ashatai Patil
 
PPTX
Applications of matrices In Real Life_20250724_091307_0000.pptx
gehlotkrish03
 
PDF
RA 12028_ARAL_Orientation_Day-2-Sessions_v2.pdf
Seven De Los Reyes
 
PPTX
HISTORY COLLECTION FOR PSYCHIATRIC PATIENTS.pptx
PoojaSen20
 
PPTX
Artificial-Intelligence-in-Drug-Discovery by R D Jawarkar.pptx
Rahul Jawarkar
 
DOCX
SAROCES Action-Plan FOR ARAL PROGRAM IN DEPED
Levenmartlacuna1
 
PPTX
How to Apply for a Job From Odoo 18 Website
Celine George
 
PPTX
BASICS IN COMPUTER APPLICATIONS - UNIT I
suganthim28
 
PPTX
Tips Management in Odoo 18 POS - Odoo Slides
Celine George
 
pgdei-UNIT -V Neurological Disorders & developmental disabilities
JELLA VISHNU DURGA PRASAD
 
Basics and rules of probability with real-life uses
ravatkaran694
 
20250924 Navigating the Future: How to tell the difference between an emergen...
McGuinness Institute
 
What is CFA?? Complete Guide to the Chartered Financial Analyst Program
sp4989653
 
How to Manage Leads in Odoo 18 CRM - Odoo Slides
Celine George
 
CONCEPT OF CHILD CARE. pptx
AneetaSharma15
 
Virat Kohli- the Pride of Indian cricket
kushpar147
 
family health care settings home visit - unit 6 - chn 1 - gnm 1st year.pptx
Priyanshu Anand
 
HEALTH CARE DELIVERY SYSTEM - UNIT 2 - GNM 3RD YEAR.pptx
Priyanshu Anand
 
Care of patients with elImination deviation.pptx
AneetaSharma15
 
Python-Application-in-Drug-Design by R D Jawarkar.pptx
Rahul Jawarkar
 
Cleaning Validation Ppt Pharmaceutical validation
Ms. Ashatai Patil
 
Applications of matrices In Real Life_20250724_091307_0000.pptx
gehlotkrish03
 
RA 12028_ARAL_Orientation_Day-2-Sessions_v2.pdf
Seven De Los Reyes
 
HISTORY COLLECTION FOR PSYCHIATRIC PATIENTS.pptx
PoojaSen20
 
Artificial-Intelligence-in-Drug-Discovery by R D Jawarkar.pptx
Rahul Jawarkar
 
SAROCES Action-Plan FOR ARAL PROGRAM IN DEPED
Levenmartlacuna1
 
How to Apply for a Job From Odoo 18 Website
Celine George
 
BASICS IN COMPUTER APPLICATIONS - UNIT I
suganthim28
 
Tips Management in Odoo 18 POS - Odoo Slides
Celine George
 
Ad

cryptography.pptcryptography.pptcryptography.ppt

  • 1. Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Secure Communication - Cryptography
  • 2. • Well established needs for secure communication – War time communication – Business transactions – Illicit Love Affairs • Requirements of secure communication 1. Secrecy – Only intended receiver understands the message 2. Authentication – Sender and receiver need to confirm each others identity 3. Message Integrity – Ensure that their communication has not been altered, either maliciously or by accident during transmission Secure Communication
  • 3. • Cryptography is the science of secret, or hidden writing • It has two main Components: 1. Encryption – Practice of hiding messages so that they can not be read by anyone other than the intended recipient 2. Authentication – Ensuring that users of data/resources are the persons they claim to be and that a message has not been surreptitiously altered Cryptography
  • 4. • Cipher is a method for encrypting messaged • Encryption algorithms are standardized & published • The key which is an input to the algorithm is secret – Key is a string of numbers or characters – If same key is used for encryption & decryption the algorithm is called symmetric – If different keys are used for encryption & decryption the algorithm is called asymmetric Encryption - Cipher Plain Text Encryption Algorithm Key A Key B Cipher Text Plain Text Decryption Algorithm
  • 5. • Algorithms in which the key for encryption and decryption are the same Cryptography is the – Example: Caesar Cipher • Types: 1. Block Ciphers – Encrypt data one block at a time (typically 64 bits, or 128 bits) – Used for a single message 2. Stream Ciphers – Encrypt data one bit or one byte at a time – Used if data is a constant stream of information Encryption - Symmetric Algorithms
  • 6. • Strength of algorithm is determined by the size of the key – The longer the key the more difficult it is to crack • Key length is expressed in bits – Typical key sizes vary between 48bits and 448 bits • Set of possible keys for a cipher is called key space – For 40-bit key there are 240 possible keys – For 40-bit key there are 2128 possible keys – Each additional bit added to the key length doubles the security • To crack the key the hacker has to use brute-force (i.e. try all the possible keys till a key that works is found) – Super Computer can crack a 56-bit key in 24 hours – It will take 272 times longer to crack a 128-bit key (Longer than the age of the universe) Symmetric Encryption – Key Strength
  • 7. • Caesar Cipher is a method in which each letter in the alphabet is rotated by three letters as shown Symmetric Algorithms – Caesar Cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • Let us try to encrypt the message – Attack at Dawn Assignment: Each student exchange a secret message with their closest neighbor about some other person in the class and the neighbor will decipher it.
  • 8. Symmetric Algorithms - Caesar Cipher Encryption Plain Text Message: Attack at Dawn Cipher Text Message: Dwwdfn Dw Gdyq Cipher: Caesar Cipher Algorithm Key (3) Decryption Plain Text Message: Attack at Dawn Cipher Text Message: Dwwdfn Dw Gdyq Cipher: Caesar Cipher Algorithm Key (3) How many different keys are possible?
  • 9. • Any letter can be substituted for any other letter – Each letter has to have a unique substitute • There are 26! pairing of letters (~1026 ) • Brute Force approach would be too time consuming – Statistical Analysis would make it feasible to crack the key Symmetric Algorithms - Monoalphabetic Cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z M N B V C X Z A S D F G H J K L P O I U Y T R E W Q Encrypted Message: Nkn, s gktc wky. mgsbc Message: Bob, I love you. Alice Cipher: Monoalphabetic Cipher Key
  • 10. • Developed by Blaise de Vigenere – Also called Vigenere cipher • Uses a sequence of monoalpabetic ciphers in tandem – e.g. C1, C2, C2, C1, C2 • Example Symmetric Algorithms - Polyalphabetic Cipher Encrypted Message: Gnu, n etox dhz. tenvj Message: Bob, I love you. Alice Cipher: Monoalphabetic Cipher Key Plain Text A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C1(k=6) F G H I J K L M N O P Q R S T U V W X Y Z A B C D E C1(k=20) T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
  • 11. • Goal of DES is to completely scramble the data and key so that every bit of cipher text depends on every bit of data and ever bit of key • DES is a block Cipher Algorithm – Encodes plaintext in 64 bit chunks – One parity bit for each of the 8 bytes thus it reduces to 56 bits • It is the most used algorithm – Standard approved by US National Bureau of Standards for Commercial and nonclassified US government use in 1993 • Cracking the DES code – In 1997 it was cracked in 140 days – In 1999 it was cracked in 14 hours • To improve security Triple-DES has been created – It uses the DES algorithm multiple times in tandem Data Encryption Standard (DES)
  • 12. • Any exposure to the secret key compromises secrecy of ciphertext • A key needs to be delivered to the recipient of the coded message for it to be deciphered – Potential for eavesdropping attack during transmission of key Symmetric Encryption – Limitations
  • 13. • Uses a pair of keys for encryption – Public key for encryption – Private key for decryption • Messages encoded using public key can only be decoded by the private key – Secret transmission of key for decryption is not required – Every entity can generate a key pair and release its public key Asymmetric Encryption Plain Text Cipher Public Key Private Key Cipher Text Plain Text Cipher
  • 14. • Two most popular algorithms are RSA & El Gamal – RSA • Developed by Ron Rivest, Adi Shamir, Len Adelman • Both public and private key are interchangable – El Gamal • Developed by Taher ElGamal • Potential for eavesdropping attack during transmission of key • Efficiency is lower than Symmetric Algorithms – A 1024-bit asymmetric key is equivalent to 128-bit symmetric key Asymmetric Encryption
  • 15. • Slow compared to symmetric Encryption • It is problematic to get the key pair generated for the encryption. • Vulnerable to man-in-the-middle attack – Hacker could generate a key pair, give the public key away and tell everybody, that it belongs to somebody else. Now, everyone believing it will use this key for encryption, resulting in the hacker being able to read the messages. If he encrypts the messages again with the public key of the real recipient, he will not be recognized easily. Asymmetric Encryption - Weaknesses Bob David Bob’s Message + Public key Cipher David’s Public Key Trudeau (Middle-man) Trudeau’s Message + public key Cipher Trudeau’s Public Key Bob’s Encrypted Message Trudeau’s Encrypted Message David’s Message + public key Cipher Trudeau’s Encrypted Message Bob’s Public Key Trudeau’s New Message + public key Cipher Trudeau’s Encrypted Message David’s Public Key
  • 16. • Used to improve efficiency – Symmetric key is used for encrypting data – Asymmetric key is used for encrypting the symmetric key Asymmetric Encryption – Session-Key Encryption Plain Text Cipher (DES) Session Key Recipient’s Public Key Cipher Text Encrypted Key Cipher (RSA) Send to Recipient
  • 17. • Pretty Good Privacy (PGP) – Used to encrypt e-mail using session key encryption – Combines RSA, TripleDES, and other algorithms • Secure/Multipurpose Internet Mail Extension (S/MIME) – Newer algorithm for securing e-mail – Backed by Microsoft, RSA, AOL • Secure Socket Layer(SSL) and Transport Layer Socket(TLS) – Used for securing TCP/IP Traffic – Mainly designed for web use – Can be used for any kind of internet traffic Asymmetric Encryption – Encryption Protocols
  • 18. • Key agreement is a method to create secret key by exchanging only public keys. • Example – Bob sends Alice his public key – Alice sends Bob her public key – Bob uses Alice’s public key and his private key to generate a session key – Alice uses Bob’s public key and her private key to generate a session key – Using a key agreement algorithm both will generate same key – Bob and Alice do not need to transfer any key Asymmetric Encryption – Key Agreement Cipher (DES) Session Key Cipher (DES) Bob’s Public Key Alice’s Public Key Bob’s Private Key Alice’s Private Key Alice and Bob Generate Same Session Key!
  • 19. Diffie-Hellman Mathematical Analysis Bob & Alice agree on non-secret prime p and value a Generate Secret Random Number x Compute Public Key ax mod p Compute Public Key (ay )x mod p Generate Secret Random Number y Compute Public Key ay mod p Compute Public Key (ax )y mod p Bob Alice Identical Secret Key Bob & Alice exchange public keys
  • 20. • Diffie-Hellman is the first key agreement algorithm – Invented by Whitfield Diffie & Martin Hellman – Provided ability for messages to be exchanged securely without having to have shared some information previously – Inception of public key cryptography which allowed keys to be exchanged in the open • No exchange of secret keys – Man-in-the middle attack avoided Asymmetric Encryption – Key Agreement contd.
  • 21. • Authentication is the process of determining the authenticity of a message or user. • Two types of authentication: – Authentication of the identity presented by a remote or application participating in a session – Authentication of the sender’s identity is presented along with a message. Authentication
  • 22. • Use of secret character string only known to user and server • Problems with password based authentication: – Attacker learns password by social engineering – Attacker cracks password by brute-force and/or guesswork – Eavesdrops password if it is communicated unprotected over the network – Replays an encrypted password back to the authentication server Authentication – Password Based
  • 23. • Set of rules that governs the communication of data related to authentication between the server and the user • Techniques used to build a protocol are – Transformed password • Password transformed using one way function before transmission • Prevents eavesdropping but not replay – Challenge-response • Server sends a random value (challenge) to the client along with the authentication request. This must be included in the response • Protects against replay – Time Stamp • The authentication from the client to server must have time-stamp embedded • Server checks if the time is reasonable • Protects against replay • Depends on synchronization of clocks on computers – One-time password • New password obtained by passing user-password through one-way function n times which keeps incrementing • Protects against replay as well as eavesdropping Authentication Protocols
  • 25. • Personal Tokens are hardware devices that generate unique strings that are usually used in conjunction with passwords for authentication • Different types of tokens exist – Storage Token: A secret value that is stored on a token and is available after the token has been unlocked using a PIN – Synchronous one-time password generator: Generate a new password periodically (e.g. each minute) based on time and a secret code stored in the token – Challenge-response: Token computes a number based on a challenge value sent by the server – Digital Signature Token: Contains the digital signature private key and computes a computes a digital signature on a supplied data value • A variety of different physical forms of tokens exist – e.g. hand-held devices, Smart Cards, PCMCIA cards, USB tokens Authentication – Personal Tokens
  • 26. • Uses certain biological characteristics for authentication – Biometric reader measures physiological indicia and compares them to specified values – It is not capable of securing information over the network • Different techniques exist – Fingerprint Recognition – Voice Recognition – Handwriting Recognition – Face Recognition – Retinal Scan – Hand Geometry Recognition Authentication – Biometrics
  • 27. • Probability of two irises producing exactly the same code: 1 in 10 to the 78th power • Independent variables (degrees of freedom) extracted: 266 • IrisCode record size: 512 bytes • Operating systems compatibility: DOS and Windows (NT/95) • Average identification speed (database of 100,000 IrisCode records): one to two seconds Authentication – Iris Recognition The scanning process takes advantage of the natural patterns in people's irises, digitizing them for identification purposes Facts
  • 28. • A message digest is a fingerprint for a document • Purpose of the message digest is to provide proof that a document has not been tampered with. • Hash functions used to generate message digests are one way functions that have following properties – It must be computationally infeasible to reverse the function – It must be computationally infeasible to construct two messages which which hash to the same digest • Some of the commonly used hash algorithms are – MD5 – 128 bit hashing algorithm by Ron Rivest of RSA – SHA & SHA-1 – 162 bit hashing algorithm developed by NIST Authentication – Message Digests
  • 29. • A digital signature is a data item which accompanies or is logically associated with a digitally encoded message. • It has two goals – A guarantee of the source of the data – Proof that the data has not been tampered with • A digital signature is created with a persons private key and verified by their public key Authentication – Digital Signatures Message Sent to Receiver Digest Algorithm Digital Signature Sent to Receiver Message Digest Sender’s Private Key Sender’s Public Key Message Digest Signature Algorithm Signature Algorithm Digest Algorithm Message Digest Sender Receiver Same?
  • 30. • A digital certificate is a signed statement by a trusted party that another party’s public key belongs to them. – This allows one certificate authority to be authorized by a different authority (root CA) • Top level certificate must be self signed • Any one can start a certificate authority – Name recognition is key to some one recognizing a certificate authority – Verisign is industry standard certificate authority Authentication – Digital Certificates Identity Information Certificate Authority’s Private Key Sender’s Public Key Signature Algorithm Certificate
  • 31. • Chaining is the practice of signing a certificate with ainother private key that has a certificate for its public key – Similar to the passport having the seal of the government • It is essentially a person’s public key & some identifying information signed by an authority’s private key verifying the person’s identity • The authorities public key can be used to decipher the certificate • The trusted party is called the certificate authority Authentication – Certificate Chaining Certificate Authority’s Private Key Signature Algorithm New Certificate Certificate

Editor's Notes

  • #4: 1. Must have done this as an assignment last year.
  • #6: 1. Must have done this as an assignment last year.
  • #7: 1. Must have done this as an assignment last year.
  • #8: The key can be different -
  • #9: Statistical Analysis Knowing % of occurrences of different letters (e.g. e occurs 13% of time in the document and t occurs 19% of times) Knowing commonly occurring two and three letter combinations (e.g. in, it, the, ion, ing, …) If some knowledge about the content is available it is even easier to crack
  • #10: Statistical Analysis Knowing % of occurrences of different letters (e.g. e occurs 13% of time in the document and t occurs 19% of times) Knowing commonly occurring two and three letter combinations (e.g. in, it, the, ion, ing, …) If some knowledge about the content is available it is even easier to crack
  • #11: Statistical Analysis Knowing % of occurrences of different letters (e.g. e occurs 13% of time in the document and t occurs 19% of times) Knowing commonly occurring two and three letter combinations (e.g. in, it, the, ion, ing, …) If some knowledge about the content is available it is even easier to crack
  • #12: 1. Must have done this as an assignment last year.
  • #13: 1. Must have done this as an assignment last year.
  • #14: 1. Must have done this as an assignment last year.
  • #15: 1. Must have done this as an assignment last year.
  • #16: 1. Must have done this as an assignment last year.
  • #17: 1. Must have done this as an assignment last year.
  • #18: 1. Must have done this as an assignment last year.
  • #20: 1. Must have done this as an assignment last year.
  • #21: Page 120-131, Secure Electronic Commerce
  • #22: 1. Must have done this as an assignment last year.
  • #23: 1. Must have done this as an assignment last year.
  • #24: 1. Must have done this as an assignment last year.
  • #25: 1. Must have done this as an assignment last year.
  • #26: 1. Must have done this as an assignment last year.
  • #27: 1. Must have done this as an assignment last year.
  • #28: 1. Must have done this as an assignment last year.
  • #29: 1. Must have done this as an assignment last year.
  • #30: 1. Must have done this as an assignment last year.
  • #31: 1. Must have done this as an assignment last year.