NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

DNSSEC Cryptography Review DNSSEC Tutorial February 21, 2011 Hong Kong Will.i.am Hervey Allen.
Digital Signatures and Hash Functions. Digital Signatures.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Diffie-Hellman Key Exchange
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ASYMMETRIC CIPHERS.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Cryptography 101 Frank Hecker
Cryptographic methods: Recommended reading: "Applied Cryptography", Bruce Schneier Brian Candler Updated by Hervey Allen ccTLD Workshop Apia, Samoa.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Cryptography, Authentication and Digital Signatures
Cryptographic methods: Recommended reading: Applied Cryptography, Bruce Schneier PacNOG I Workshop Presented by Hervey Allen Materials originally by Brian.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.
無線網路安全 WEP. Requirements of Network Security Information Security Confidentiality Integrity Availability Non-repudiation Attack defense Passive Attack.
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture Topics: 11/29 Cryptography –symmetric key (secret key) –public/private key –digital signatures.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
ENGR 101 Compression and Encryption. Todays Lecture  Encryption  Symmetric Ciphers  Public Key Cryptography  Hashing.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Hervey Allen Phil Regnauld 15 June 2009 Papeete, French Polynesia DNSSEC Tutorial: Public / Private.
Web Applications Security Cryptography 1
Basics of Cryptography
Cryptography Much of computer security is about keeping secrets
Computer Communication & Networks
Cryptographic methods:
Presentation transcript:

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication - is this who they claim to be? Cryptography offers genuinely secure solutions to these problems We'll look briefly at four main components

NSRC Workshop 1. Hashes (one-way encryption) clear text Munging a document (of any size) gives a short, fixed-length hash or message digest Fixed-length message digest hashing function

NSRC Workshop Examples of Hash algorithms MD bits of output SHA bits RIPEMD bits SHA bits

NSRC Workshop Properties of Cryptographic Hashes Running the same hash algorithm on the same document always gives the same result It is infeasible to modify the document whilst keeping the hash the same - or even to find any other document with the same hash Hence a powerful check of integrity Important: MD5 is now BROKEN! – all it takes is 3 days and 200 playstation3's * – SHA1 not yet, but has known weaknesses * Google for "MD5 considered harmful today"

NSRC Workshop Quick Exercise On your PC: cat /etc/mailcap Compare the result on your neighbour's PC Are they exactly the same? Can you be sure? Now do: sha1sum /etc/mailcap Is your neighbour the same now? Edit the file (joe /etc/mailcap) and change just one character Do again: sha1sum /etc/mailcap

NSRC Workshop 2. Symmetric Cipher (private key cipher) clear text clear text cipher text KK The same key is used to encrypt the document before sending and to decrypt it once it is received ?

NSRC Workshop Examples of Symmetric Ciphers DES - 56 bit key length 3DES - effective key length 112 bits RC4 (Arcfour) bits AES (Advanced Encryption Standard) to 256 bit key length Blowfish bits, optimized for fast operation on 32-bit microprocessors

NSRC Workshop Properties of Symmetric Ciphers Provides confidentiality: infeasible to decrypt data without knowing the secret key K Provides integrity: a small change to the ciphertext will cause it to decrypt to garbage Provides authenticity: if I can decrypt the data with my key K, I know it must have been encrypted by someone who knows K Fast to encrypt and decrypt, suitable for large volumes of data

NSRC Workshop Attacks on Symmetric Ciphers Good ciphers resist attacks on the algorithm; brute- force attack is directly related to the key length. Current recommendation is a key length of 90+ bits, for data protection of 20 years.* Relies entirely on secrecy of the key. How can you distribute it securely to your peer without it being intercepted by an attacker? Use a hash to convert a passphrase into a value suitable for a key (passphrase easier to remember) *See for a collection of recommendations

NSRC Workshop 3. Diffie-Hellman key exchange Two parties agree on the same key - but a sniffer cannot derive it f(r1) f(r2) f(r1r2) random r1 random r2 ?

NSRC Workshop Properties of Diffie-Hellman One of the first asymmetric cryptosystems - from 1976 Used for generating temporary keys ("session keys") which are discarded after use A sniffer who sees all the traffic still cannot work out what key has been agreed upon Security depends on the number of bits, and on truly random numbers being chosen (reasonable minimum: "DH group 2", 1024 bits)

NSRC Workshop Does Diffie-Hellman solve the key distribution problem? Unfortunately not :-( An active attacker can intercept traffic and perform key exchange with either or both sides: a man-in-the-middle attack In short: you don't know who you're talking to

NSRC Workshop 4. Public key cipher clear text clear text k 1 (public key) k 2 (private key) cipher text One key is used to encrypt the document, a different key is used to decrypt it. This is a big deal!

NSRC Workshop Properties of Public Key Ciphers The keys are mathematically related Easy to convert private key into public key Infeasible to convert public key into private key You can safely post your public key anywhere!! (That's why it's called "public") Can provide confidentiality: encrypt with public key, decrypt with private key Can provide authenticity: encrypt with private key, decrypt with public key

NSRC Workshop Properties of Public Key Ciphers Mathematical attacks, not just brute force 512-bit RSA broken 1024-bit RSA may be insecure against highly- resourced opponents 2048-bit is recommended for good security MUCH slower than symmetric ciphers (like, 1000 or 10,000 times slower) Hence are combined with symmetric ciphers to build a practical system

NSRC Workshop Example application: gpg gpg lets you: generate a public/private key pair encrypt messages with any public key, and/or sign messages with your private key Used for sending encrypted , verifying integrity of software packages, etc

NSRC Workshop Use for authentication If you have my public key, I can prove to you that I own the corresponding private key (without sending it to you) My public key is therefore a form of identity Similarly, you can prove your identity to me Solves the man-in-the-middle problem, as long as we both know each other's public keys If not, we can use a third party - a Certificate Authority - to confirm identity of key owner

NSRC Workshop Example: ssh with private key auth A simple way to get rid of passwords entirely! Generate an ssh key pair (just once) Keep the private key safe - encrypt it with a passphrase Install the public key on each server you want to login to When you login, you use the passphrase to decrypt ("unlock") your private key locally - it never gets sent to the remote system

NSRC Workshop Proving identities with ssh keys Server's public key ~/.ssh/known_hosts User's public key ~/.ssh/authorized_keys User's private key (+public) ~/.ssh/id_rsa ~/.ssh/id_rsa.pub Server's private key (+public) /etc/ssh/ssh_host_rsa_key /etc/ssh_host_rsa_key.pub CLIENTSERVER (ssh has become popular partly because it doesn't use certificates)

NSRC Workshop Man-in-the-middle and ssh How does the server know it's really me? Because my public key is in ~/.ssh/authorized_keys How did it get there? Trusted person put it there How do I know the server is really them? The server's public key is in ~/.ssh/known_hosts How does it get there? I could do it manually. If not, ssh prompts me to install it the first time I connect This works fine, as long as a man-in-the-middle attack is not taking place at the time!

NSRC Workshop Exercise Create ssh public/private key pair (RSA, 2048 bits) Copy the public key onto your Unix server PC Use your private key to login without password

NSRC Workshop Discussion What are the pros and cons of this approach, compared to passwords?

NSRC Workshop WARNING! This is the most basic introduction to crypto DON'T try to write your own cryptographic tools - there are many pitfalls Look at what happened with WEP DO use widely-used and reviewed tools: they are written by people who understand the maths and the possible weaknesses

NSRC Workshop And don't forget the human element

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.