1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Cryptography Ch-1 prepared by: Diwan.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Chapter 11: Cryptography
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Cryptography CSPrinciples II February 12, Needs for Privacy What are some specific needs for privacy when using the internet?
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Image Representation Privacy/Cryptography CS 104 October 3, 2011.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Cryptography, Authentication and Digital Signatures
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
Encryption.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Security. Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.
Cryptography – Test Review
Basics of Cryptography
Computer Communication & Networks
최신정보보호기술 경일대학교 사이버보안학과 김 현성.
NET 311 Information Security
Chapter 13 Digital Signature
Fluency with Information Technology Lawrence Snyder
Presentation transcript:

1 Cryptography Basics

2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates Digital Signature

3 TYPES OF CRYPTOGRAPHIC ALGORITHMS There are several ways of classifying cryptographic algorithms. For purposes of this lesson, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1): –Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption –Public Key Cryptography (PKC): Uses one key for encryption and another for decryption –Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

4 TYPES OF CRYPTOGRAPHIC ALGORITHMS

5 Secret Key Cryptography With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.

6 Secret Key Cryptography Secret key cryptography algorithms that are in use today include Rivest Ciphers (aka Ron's Code): Named for Ron Rivest, a series of SKC algorithms. (RC1, RC2, RC3, RC4, RC5, RC6)

7 Public-Key Cryptography Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work (Figure 1B). Because a pair of keys are required, this approach is also called asymmetric cryptography. In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party. It is straight forward to send messages under this scheme. Suppose Alice wants to send Bob a message. Alice encrypts some information using Bob's public key; Bob decrypts the ciphertext using his private key. This method could be also used to prove who sent a message; Alice, for example, could encrypt some plaintext with her private key; when Bob decrypts using Alice's public key, he knows that Alice sent the message and Alice cannot deny having sent the message (non-repudiation).

8 Public-Key Cryptography Public-key cryptography algorithms that are in use today for key exchange or digital signatures include: RSA: The first, and still most common, PKC implementation, named for the three MIT mathematicians who developed it — Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data.

9 Hash Functions Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.

10 Hash Functions Hash algorithms that are in common use today include: Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message. MD2 (RFC 1319): Designed for systems with limited memory, such as smart cards. (MD2 has been relegated to historical status, per RFC 6149.)RFC 1319RFC 6149 MD4 (RFC 1320): Developed by Rivest, similar to MD2 but designed specifically for fast processing in software. (MD4 has been relegated to historical status, per RFC 6150.)RFC 1320RFC 6150 MD5 (RFC 1321): Also developed by Rivest after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data. MD5 has been implemented in a large number of products although several weaknesses in the algorithm were demonstrated by German cryptographer Hans Dobbertin in 1996 ("Cryptanalysis of MD5 Compress").RFC 1321"Cryptanalysis of MD5 Compress"

11 Basic Terminologies Cryptography deals with creating documents that can be shared secretly over public communication channels Cryptographic documents are decrypted with the key associated with encryption, with the knowledge of the encryptor The word cryptography comes from the Greek words: Krypto (secret) and graphein (write) Cryptanalysis deals with finding the encryption key without the knowledge of the encryptor Cryptology deals with cryptography and cryptanalysis Cryptosystems are computer systems used to encrypt data for secure transmission and storage

12 Basic Terminologies Keys are rules used in algorithms to convert a document into a secret document Keys are of two types: –Symmetric –Asymmetric A key is symmetric if the same key is used both for encryption and decryption A key is asymmetric if different keys are used for encryption and decryption

13 Basic Terminologies Examples: –Symmetric key methods DES 56-bit Triple DES 128-bit AES 128-bit and higher Blowfish 128-bit and higher –Asymmetric key methods RSA (Rivest-Shamir-Adleman of MIT) PGP (Phil Zimmerman of MIT)

14 Basic Terminologies Plaintext is text that is in readable form Ciphertext results from plaintext by applying the encryption key Notations: –M message, C ciphertext, E encryption, D decryption, k key –E(M) = C –E(M, k) = C Fact: D(C) = M, D(C, k) = M

15 Basic Terminologies Hash algorithms take an arbitrary length message and create a fixed length digest known as Message Digest Well-known hash algorithms are MD-4 and MD-5

16 PKI Public Key Infrastructure (PKI) is a government initiative to protect computer systems Developed in the 1970s but has not been widely accepted. However, parts of the system are in extensive use today. These are Digital Certificates and Digital Signatures. Digital Certificates are given by trusted third parties, known as Certificate Authorities (CAs). Verisign (an offshoot of RSA) is a CA. Any organization can be a CA as long as there are people willing to believe their assessment of authenticity.

17 Digital Certificates Issued by trusted third parties known as Certificate Authorities (CAs) Verisign is a trusted third party Used to authenticate an individual or an organization Digital Certificates are usually given for a period of one year They can be revoked It is given at various security levels. Higher the security level, the CA verifies the authenticity of the certificate seeker more.

18 Digital Certificates Digital Certificates can be issued by any one as long as there are people willing to believe them Major CAs are: –Verisign –GeoTrust –BeTrusted –Thawte

19 Digital Certificates Digital Certificates are part of the authentication mechanism. The other part is Digital Signature. When a user uses the digital signature, the user starts with their private key and encrypts the message and sends it. The receiver uses the sender’s public key and decrypts the message In traditional encryption, the sender uses the public key of the receiver and encrypts the message and sends it and the receiver decrypts the message with their private key

DIGITAL SIGNATURE Let us begin by looking at the differences between conventional signatures and digital signatures.Let us begin by looking at the differences between conventional signatures and digital signatures.

A conventional signature is included in the document; it is part of the document. But when we sign a document digitally, we send the signature as a separate document.

For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file. For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity. Verification Method

For a conventional signature, there is normally a one-to- many relationship between a signature and documents. For a digital signature, there is a one-to-one relationship between a signature and a message. Relationship

13.24 In conventional signature, a copy of the signed document can be distinguished from the original one on file. In digital signature, there is no such distinction unless there is a factor of time on the document. Duplicity

PROCESS Figure 13.1 shows the digital signature process. The sender uses a signing algorithm to sign the message. The message and the signature are sent to the receiver. The receiver receives the message and the signature and applies the verifying algorithm to the combination. If the result is true, the message is accepted; otherwise, it is rejected.Figure 13.1 shows the digital signature process. The sender uses a signing algorithm to sign the message. The message and the signature are sent to the receiver. The receiver receives the message and the signature and applies the verifying algorithm to the combination. If the result is true, the message is accepted; otherwise, it is rejected.

Continued Figure 13.1 Digital signature process

Need for Keys Figure 13.2 Adding key to the digital signature process A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer’s public key. Note

Signing the Digest Figure 13.3 Signing the digest

29

30

13.31 WHY? A digital signature can directly provide : Message Authentication Message Integrity Nonrepudiation

13.32 A secure digital signature scheme, like a secure conventional signature can provide message authentication Message Authentication A digital signature provides message authentication. Note

13.33 The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed Message Integrity A digital signature provides message integrity. Note