10 – 12 APRIL 2005, Riyadh, Saudi Arabia. Encryption in Detail: The Inner Workings. Murat Lostar, Information Security Consultant.


Cryptography: the art of secret message writing, i.e. creating texts that can be read only by authorized individuals.

Simple Cryptography (diagram): Plaintext + Key → Ciphertext

Caesar Cipher (rotate 13 positions; key = 13). The plaintext alphabet ABCDEFGHIJKLMNOPQRSTUVWXYZ maps to the ciphertext alphabet NOPQRSTUVWXYZABCDEFGHIJKLM. Plaintext THE GOTHS COMETH becomes ciphertext GUR TBGUF PBZRGU. Because 13 + 13 = 26, applying the same rotation a second time decrypts.

Rotating Key Cipher (tabula recta). Each key letter selects one row of the alphabet rotated by 0, 1, 2, ... positions: ABCDEFGHIJKLMNOPQRSTUVWXYZ, BCDEFGHIJKLMNOPQRSTUVWXYZA, CDEFGHIJKLMNOPQRSTUVWXYZAB, DEFGHIJKLMNOPQRSTUVWXYZABC, EFGHIJKLMNOPQRSTUVWXYZABCD, FGHIJKLMNOPQRSTUVWXYZABCDE, GHIJKLMNOPQRSTUVWXYZABCDEF, HIJKLMNOPQRSTUVWXYZABCDEFG, ... The i-th plaintext letter is shifted by the i-th key letter (A = 0, B = 1, ...), cycling through the key when it runs out. Plaintext SOUND THE RETREAT with key DEADFED gives ciphertext VSUPI XKH VEWWIDW.

General Principles: longer keys make better ciphers; random keys make better ciphers; good ciphers produce "random"-looking ciphertext; the best keys are used once and thrown away.

Symmetric (Private Key) Cryptography. Examples: AES, DES, RC5, IDEA, Skipjack. Advantages: fast; strong security from comparatively short keys. Disadvantages: the key must be distributed to every party in advance over a secure channel, and a single disclosure of the key compromises all traffic protected by it.

DES: Data Encryption Standard. Widely published and used; a US federal standard. A complex series of bit substitutions, permutations and recombinations (a 16-round Feistel network). Basic DES: 56-bit keys, crackable in about a day using specialized hardware (the EFF's "Deep Crack" machine recovered a key by brute force in 56 hours in 1998). Triple DES: three DES keys (168 bits) but an effective strength of about 112 bits because of the meet-in-the-middle attack; stronger than DES, and much slower.

AES (Rijndael). Standard replacement for DES for the US government and, as a result, probably for all of us. Winner of the AES (Advanced Encryption Standard) competition run by NIST (the US National Institute of Standards and Technology); selected in 2000 and published as FIPS 197 in 2001. Comes from Europe (Belgium), designed by Joan Daemen and Vincent Rijmen, so "X-Files" stories about hidden government influence are less likely than with DES. Symmetric block cipher: Rijndael supports block sizes of 128, 192 or 256 bits, but AES fixes the block at 128 bits, with keys of 128, 192 or 256 bits. Fast, with many good properties, including resistance to power (electrical) analysis in careful implementations. Note, however, that table-driven software implementations have since been shown to leak key material through cache-timing side channels, so constant-time or hardware (e.g. AES-NI) implementations are preferred. The construction is deceptively similar to DES (XORs etc.) but really different: a substitution-permutation network rather than a Feistel network.

Asymmetric (Public Key) Cryptography. Examples: RSA, Diffie-Hellman, ElGamal. Advantages: the public key can be distributed widely without secrecy; supports digital signatures. Disadvantages: slow (orders of magnitude slower than symmetric ciphers); public keys still need authentic distribution, otherwise an attacker can substitute their own (see certificates below).

RSA. Algorithm patented by RSA Data Security (the US patent expired in September 2000). Uses special properties of modular arithmetic: C = P^e (mod n) to encrypt, P = C^d (mod n) to decrypt. n is the product of two large primes p and q; d is derived from e and (p - 1)(q - 1) and, like n, is hundreds of digits long, while e is usually a small fixed value such as 65537. Key lengths from 512 to 4096 bits; 512-bit moduli have been factored and 1024 bits is no longer considered adequate, so use 2048 bits or more.

Symmetric vs. Asymmetric Encryption

Algorithm type: Symmetric (DES, TripleDES, AES, IDEA, RC2...). Uses one key both to encrypt the data and to decrypt the data. Fast and efficient. Requires secure transfer of the key.
Algorithm type: Asymmetric (RSA, DH, DSA, ElGamal). Uses two mathematically related keys: the public key to encrypt the data, the private key to decrypt it. Slower than symmetric encryption. Solves the key distribution problem.
Algorithm type: Hybrid (RSA/AES etc.). Symmetric encryption of the data; asymmetric encryption of the symmetric key.

Hybrid Encryption (Real World), the digital envelope: 1. A random number generator (RNG) produces a randomly generated symmetric "session" key. 2. The message (e.g. "Launch key for nuclear missile 'RedHeat' is...") is encrypted with a symmetric cipher (e.g. DES) under the session key, giving ciphertext such as *#$fjda^ju539!3t... 3. The session key is encrypted asymmetrically (e.g. RSA) with the user's public key, taken from the user's certificate; the result is the digital envelope. 4. Step 3 is repeated with the public key (from the certificate) of every other recipient, and of any recovery agent named in the recovery policy, so that each of them can open the envelope with their own private key.

Hybrid Decryption: 1. The digital envelope contains the "session" key encrypted using the recipient's public key; the session key must be decrypted asymmetrically (e.g. RSA) using the recipient's private key. 2. The recovered symmetric session key decrypts the ciphertext (*#$fjda^ju539!3t...) symmetrically (e.g. DES), yielding the original message ("Launch key for nuclear missile 'RedHeat' is...").
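The RSA slide and the two hybrid-encryption slides above, worked through as an added Python example that is not part of the original presentation. It implements textbook RSA (C = P^e mod n, P = C^d mod n) with toy keys built from Mersenne primes, then the digital envelope: one random session key from the OS CSPRNG, symmetric encryption of the data, and one RSA-wrapped copy of the session key per recipient and recovery agent. Assumptions: the Python standard library has no AES, so a SHA-256 counter-mode keystream stands in for the symmetric cipher; all key values, function names and the sample message are mine.

```python
import hashlib
import secrets


def make_key(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA key from two primes: n = p*q, d = e^-1 mod (p-1)(q-1).
    Returns (e, d, n)."""
    return e, pow(e, -1, (p - 1) * (q - 1)), p * q


# Toy keys built from Mersenne primes so the example is self-contained and
# deterministic; real keys use random primes of 1024 bits or more each.
RECIPIENT = make_key((1 << 127) - 1, (1 << 521) - 1)
RECOVERY_AGENT = make_key((1 << 607) - 1, (1 << 89) - 1)


def rsa_encrypt(m: int, e: int, n: int) -> int:
    """C = P^e mod n with the public key (no padding: illustration only)."""
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    """P = C^d mod n with the private key."""
    return pow(c, d, n)


def textbook_rsa_is_malleable() -> bool:
    """Without padding, Enc(a) * Enc(b) = Enc(a * b) mod n and equal plaintexts
    give equal ciphertexts; this is why real deployments use OAEP padding."""
    e, d, n = RECIPIENT
    a, b = 6, 7
    return rsa_decrypt(rsa_encrypt(a, e, n) * rsa_encrypt(b, e, n) % n, d, n) == a * b


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256: a stand-in for a real block cipher
    because the standard library has no AES. Use AES-GCM in production."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def sym_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def seal(plaintext: bytes, recipient_public_keys: list) -> dict:
    """Digital envelope: a fresh random session key encrypts the data once; the
    session key is RSA-encrypted separately for every (e, n) in the recipient
    list, which includes any recovery agent named in policy."""
    session_key = secrets.token_bytes(32)          # OS CSPRNG; never reused
    k = int.from_bytes(session_key, "big")
    return {
        "ciphertext": sym_crypt(session_key, plaintext),
        "wrapped_keys": [rsa_encrypt(k, e, n) for (e, n) in recipient_public_keys],
    }


def open_envelope(envelope: dict, index: int, d: int, n: int) -> bytes:
    """Recipient `index` unwraps its copy of the session key with its private
    key, then decrypts the data symmetrically."""
    k = rsa_decrypt(envelope["wrapped_keys"][index], d, n)
    return sym_crypt(k.to_bytes(32, "big"), envelope["ciphertext"])


if __name__ == "__main__":
    msg = b"Launch key for nuclear missile RedHeat is ..."   # constructed sample
    pubs = [(RECIPIENT[0], RECIPIENT[2]), (RECOVERY_AGENT[0], RECOVERY_AGENT[2])]
    env = seal(msg, pubs)
    print(env["ciphertext"].hex())
    print(open_envelope(env, 0, RECIPIENT[1], RECIPIENT[2]))
    print(open_envelope(env, 1, RECOVERY_AGENT[1], RECOVERY_AGENT[2]))
```

Two things the slides leave implicit are visible here: the session key is wrapped once per recipient, so adding a recovery agent costs one extra RSA operation rather than re-encrypting the data, and the raw RSA used to wrap it is deterministic and malleable, which is why real envelopes (CMS, PGP, TLS) wrap keys with OAEP or PKCS#1 v1.5 padding and protect the symmetric ciphertext with an authenticated mode.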

Public Key Encryption: The Frills

Frill (add-on): Technique
Fast encryption/decryption: Digital envelopes
Authentication of sender: Digital signature
Verification of message integrity: Message digests
Safe distribution of public keys: Certifying authorities

Digital Envelopes (diagram: session key, encrypted with the recipient's public key, decrypted with the recipient's private key)

Digital Signatures (diagram: signed with the sender's private key, verified with the sender's public key)

Message Digests (diagram: hash of the message, signed with the sender's private key, verified with the sender's public key)

Verifying Simple Data Integrity with Hashes (Message Digests). User A runs the data through a hash algorithm to obtain a hash value and sends both the data and the hash value to User B. User B runs the received data through the same hash algorithm; if the hash values match, the data is unchanged. This detects accidental corruption only: an attacker who can alter the data in transit can just as easily recompute and replace the hash, so protection against deliberate tampering needs a keyed MAC or a digital signature over the digest.

Creating a Digital Signature. A one-way hash function (e.g. SHA-1, MD5) reduces a message or file of any length (e.g. "This is a really long message about Bill's...") to a short, fixed-length message digest (128 bits for MD5, 160 bits for SHA-1). The digest, not the whole message, is then encrypted asymmetrically with the signatory's private key; the result is the digital signature. (MD5 and SHA-1 have since been broken with respect to collision resistance and should not be used for new signatures; SHA-2 or SHA-3 are the current choices.)

Verifying a Digital Signature. The verifier decrypts the digital signature asymmetrically (e.g. RSA) with the signatory's public key, to which everyone has access in trusted form, and so recovers the digest the signatory computed. The verifier then runs the original message through the same hash function (e.g. MD5, SHA...) and compares the two digests: are they the same? If so, the message is unchanged and was signed by the holder of the private key.
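Creating and verifying a signature as on the two slides above, together with the hash-integrity check from the earlier slide, as an added Python example that is not from the original presentation. SHA-256 replaces the MD5/SHA-1 of the slides, the RSA key is a toy built from two Mersenne primes, and the names and the sample message are my own assumptions. The last function shows why the digest step matters: a raw RSA "signature" over an arbitrary number is trivially forgeable.

```python
import hashlib

# Toy RSA key from two Mersenne primes so the example is self-contained and
# deterministic; real signing keys use random primes of 1024 bits or more each.
P, Q, E = (1 << 127) - 1, (1 << 521) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: e*d = 1 mod (p-1)(q-1)


def digest(message: bytes) -> int:
    """Fixed-length, one-way fingerprint of a message of any length."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signature = digest^d mod n with the signatory's private key. Only the
    short digest goes through the slow asymmetric operation."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the signed digest with the public key and compare it with a
    freshly computed digest of the received message."""
    return pow(signature, e, n) == digest(message)


def verify_raw(value: int, signature: int, e: int = E, n: int = N) -> bool:
    """Raw RSA check with no hashing; present only to demonstrate the forgery."""
    return pow(signature, e, n) == value


def existential_forgery(e: int = E, n: int = N) -> tuple:
    """Pick any s; then (s^e mod n, s) passes the raw check, i.e. the attacker
    has 'signed' a value without the private key. With a hash in the loop the
    forger would also need a message whose digest equals that value."""
    s = 123456789
    return pow(s, e, n), s


if __name__ == "__main__":
    message = b"This is a really long message about Bill's ..."   # constructed sample
    sig = sign(message)
    print(verify(message, sig))                               # True
    print(verify(message.replace(b"Bill", b"Bob"), sig))      # False: digest differs
    forged_value, forged_sig = existential_forgery()
    print(verify_raw(forged_value, forged_sig))               # True: raw RSA is forgeable
```

Real signature schemes (RSASSA-PSS, PKCS#1 v1.5) also pad the digest to the full modulus width and embed the hash algorithm identifier, so that the verifier cannot be tricked into checking a digest computed with a weaker hash.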

Certifying Authorities

X.509 Certificate. Issued and signed by a Certificate Authority; the CA's digital signature covers all of the following components together: Serial Number; Issuer X.500 Distinguished Name; Validity Period; Subject X.500 Distinguished Name (e.g. OU=Project Botticelli...); Subject Public Key Information (the key, or information about it); Key/Certificate Usage; Extensions.

Hierarchy of Trust

Transmitting Public Keys (diagram)

Future is Here: Quantum Cryptography. A method for generating and passing a secret key or a random stream; it is not for passing the actual data, but that is irrelevant, since the agreed key can drive a conventional cipher. The polarisation of light (photons) can be measured only in a way that destroys the original state unless the measuring basis matches the preparing basis, so if someone other than you observes the photons, you receive nothing useful and you know you were bugged. Perfectly doable over fibre-optic links up to about 120 km long. Commercial systems implementing the BB84 protocol have been available since November 2003. Don't confuse it with quantum computing, which won't be with us for at least another 50 years or so, or maybe longer...
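An added simulation of the BB84 key exchange described above (not code from the original presentation): Alice sends bits in random bases, Bob measures in random bases, the two keep only the positions where their bases agree, and an intercept-and-resend eavesdropper shows up as roughly 25% errors in the sifted key. The simplified measurement model and the seeded random generator are assumptions of this example.

```python
import random


def bb84(n_photons: int, eavesdrop: bool, seed: int = 1) -> tuple:
    """Simulate BB84 sifting and error estimation.

    Bases: 0 = rectilinear (+), 1 = diagonal (x). Measuring in the preparing
    basis returns the encoded bit; measuring in the other basis returns a
    uniformly random bit and destroys the original polarisation. Returns
    (sifted_key_length, observed_error_rate)."""
    rng = random.Random(seed)   # seeded so the run is reproducible (assumption)

    def measure(bit, prep_basis, meas_basis):
        return bit if prep_basis == meas_basis else rng.randint(0, 1)

    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    bob_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Eve guesses a basis, measures, and re-sends what she saw in that
            # basis. Half the time she guesses wrong and randomises the photon.
            e_basis = rng.randint(0, 1)
            bit, a_basis = measure(bit, a_basis, e_basis), e_basis
        bob_bits.append(measure(bit, a_basis, b_basis))

    # Sifting over the public channel: Alice and Bob announce their bases (not
    # the bits) and keep only the positions where the bases agree.
    kept = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    # They then compare a sample of the sifted bits; any error rate well above
    # the channel's own noise floor means the photons were observed in transit.
    errors = sum(alice_bits[i] != bob_bits[i] for i in kept)
    return len(kept), errors / len(kept)


if __name__ == "__main__":
    print(bb84(4000, eavesdrop=False))   # about 2000 sifted bits, error rate 0.0
    print(bb84(4000, eavesdrop=True))    # about 2000 sifted bits, error rate near 0.25
```

Without an eavesdropper every sifted bit agrees; with intercept-and-resend, Eve guesses the wrong basis half the time and Bob then gets a random bit in those positions, giving an expected error rate of 1/2 × 1/2 = 25%. In a real system Alice and Bob discard the compared sample, correct the residual errors, and apply privacy amplification before using the remainder as a key.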

For more information: The Code Book (Simon Singh); RSA; Applied Cryptography, B. Schneier, John Wiley & Sons; Foundations of Cryptography, O. Goldreich, draft chapters under Books/oded_book_readme.html on the author's web site.

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.