Cryptography: Securing the Information Age Source: technical.html "If you think cryptography can solve your problem, then you don't understand your problem and you don't understand cryptography." -- Bruce Schneider
Essential Terms Cryptography Encryption Plain text Cipher text Decryption Cipher text Plain text Cryptanalysis Cryptology Source:
Information Security for… Defending against external/internal hackers Defending against industrial espionage Securing E-commerce Securing bank accounts/electronic transfers Securing intellectual property Avoiding liability
Types of Secret Writing Secret writing SteganographyCryptography
Our Concern.. Secret writing SteganographyCryptography SubstitutionTransposition Code Cipher
Copyright 1999 Jay D. Dyson All right reserved Overview of Cryptography Cryptography is an often misunderstood and misused security tool. Today more than ever, privacy is a necessary part of business communications. The following is an overview of public key cryptography and one of its more widely-used implementations, Pretty Good Privacy (PGP). What is Cryptography?
Overview of cryptography.. Terminology: Cryptographic/Cipher System - A method of disguising a message so only authorized users may read it. Cryptology - The study of cryptography. Encryption - The process of converting plaintext into cipher text. Decryption - The process of converting cipher text back to its original plaintext. Cryptographic Algorithm - The computational procedure used to encrypt and decrypt messages. Cryptanalysis - The process of finding a weakness in, or actual breaking of, a cryptographic system.
The simplest and oldest way to send a secret message to someone. The code must be known to the sender or recipient. Types of Cryptographic Systems Secret Codes Code PhraseTrue Meaning My coffee is cold Pass the cream Launch the missiles Don’t launch the missiles
Types of Cryptographic Systems Ciphers Substitution ciphers are the simplest type of cipher system. Each letter of the alphabet is assigned to a number or different letter. ROT13 is a commonly used cipher. A B C D E F G H I J K L M A B C...
Types of Cryptographic Systems One-Time Pads One-Time Pads uses a different key for a specific time period. Truly secure, no patterns evolve. Most vulnerabilities due to human carelessness. Copyright 1999 Jay D. Dyson All right reserved One-Time Pad - Shift each encrypted letter x places to the right fazmyqbgnke Encrypted Message This is a test
Crypto Keys & Algorithms General Concepts and Definitions As a password is used to access a computer system, a cryptographic key is a password or passphrase that is used to unlock an encrypted message. Different encryption systems offer different key lengths - Just as a longer password provides more security (Windows NT excluded) the longer and more complex the key is, the more security an encryption system provides. A cryptographic algorithm is a mathematical function used for encryption and decryption. Most algorithms contain a certain number of “rounds.” This determines how many times the text will be run through the algorithm
Cryptographic Methods Secret Key (symmetric) Cryptography A single key is used to both encrypt and decrypt a message. A secure channel must be in place for users to exchange this common key. Plaintext Message Secret Key Encrypted Message Secret Key
Cryptographic Methods Public Key (asymmetric) Cryptography Two keys are used for this method, the public key is used to encrypt. The private key is used to decrypt. This is used when it isn’t feasible to securely exchange keys. Jay’s Public Key Jay’s Private Key Frank Encrypted Message Clear Text
Cryptographic Methods One-Way Functions One-way functions: Used to generate a fixed-length hash (also known as a message-digest) of a file. This hash is essentially a ‘digital fingerprint’ of the file that would be sent along with a document. The recipient would use the same method to generate a hash. If the hashes do not match the file has been altered. Message Crypto-Algorithm 5058f1af f609cadb75a75dc9d 128 bit digital fingerprint
Private vs. public Cryptography Private (symmetric, secret) key – the same key used for encryption/decryption Problem of key distribution Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption Key distribution problem solved
Currently Available Crypto Algorithms (private key) DES (Data Encryption Standard) and derivatives: double DES and triple DES IDEA (International Data Encryption Standard) Blowfish RC5 (Rivest Cipher #5) AES (Advance Encryption Standard)
Currently Available Crypto Algorithms (public key) RSA (Rivest, Shamir, Adleman) DH (Diffie-Hellman Key Agreement Algorithm) ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm) RPK (Raike Public Key)
Simplified-DES Popularly called S-DES Very simple Uses a 10bit key to encrypt an 8bit data block Formed the basis of DES Provide a low grade of security Hence not much secure
Data Encryption Standard(DES) Most widely used private key cryptographic technique Was not feasible to crack till 1980’s Encrypts 64bit data block with 56bit key Contains many permutation functions hence making it more and more complex. Paved way for double, triple and advanced DES
RSA Developed by Rivest, Shamir and Adleman Uses a pair of public and private key Very much secure and efficient Simple approach Security based on the fact that factorizing n to get p and q is very difficult if n is a large number(>5digits)
Private-key versus public-key cryptography Prime advantage of public-key cryptography is increased security - the private keys do not ever need to be transmitted or revealed to anyone. Public key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. Example RSA and DES are usually combined as follows 1. The message is encrypted with a random DES key 2. DES-key is encrypted with RSA 3. DES-encrypted message and RSA-encrypted DES-key are sent. This protocol is called RSA digital envelope.
DES vs. RSA RSA is about 1500 times slower than DES – Exponentiation and modulus Generation of numbers used in RSA can take time Generally infeasible to crack RSA with limited resources and time –
Pretty Good Privacy (PGP) Overview & History PGP is a personal high-security cryptographic software application that allows people to exchange messages or files with privacy, authentication, and convenience. PGP can be used to encrypt and digitally sign files and . Developed by Phil Zimmerman in the mid ‘80s. First version released on the Internet in 1991; got immediate NSA attention and encountered legal issues on its use of RSA and Merkle-Hellman cryptography patents. Purchased by ViaCrypt in 1993 (they had RSA license). Re-released in 1994 with RSAREF toolkit license. Purchased by Network Associates in 1998.
PGP (Pretty Good Privacy) a hybrid encryption technology Message is encrypted using a private key algorithm (IDEA or DES as previously used) Key is then encrypted using a public key algorithm (RSA) For file encryption, only IDEA algorithm is used PGP is free for home use
Authentication and Digital Signatures Preventing impostor attacks Preventing content tampering Preventing timing modification Preventing repudiation By: Encryption itself Cryptographic checksum and hash functions
Digital Signatures Made by encrypting a message digest (cryptographic checksum) with the sender’s private key Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)
Benefits of Cryptographic Technologies Data secrecy Data integrity Authentication of message originator Electronic certification and digital signature Non-repudiation
Potential Problems with Cryptographic Technologies? False sense of security if badly implemented Government regulation of cryptographic technologies/export restrictions Encryption prohibited in some countries
How Secure are Today’s Technologies? $250,000 machine cracks 56 bit key DES code in 56 hours IDEA, RC5, RSA, etc. resist complex attacks when properly implemented distributed.net cracked 64 bit RC5 key (1,757 days and 331,252 people) in July, 2002 A computer that breaks DES in 1 second will take 149 trillion years to break AES! Algorithms are not theoretically unbreakable: successful attacks in the future are possible
How Secure are Today’s Technologies? Encryption does not guarantee security! Many ways to beat a crypto system NOT dependent on cryptanalysis, such as: – Viruses, worms, hackers, etc. – TEMPEST attacks, – Unauthorized physical access to secret keys Cryptography is only one element of comprehensive computer security Source: The Gartner Group
What is to be done? The Gartner Group recommends: Develop migration plans to stronger crypto. Begin implementation of modified and stronger algorithmic techniques.
Your questions are welcome! Presented by:- Akshay kumar Ekta raghav Himanshu chaudhary