Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.


RSA algorithm
The most famous algorithm for public key encryption is the RSA algorithm, named after its inventors (Ron Rivest, Adi Shamir and Leonard Adleman). There are two interrelated components in RSA:
- Choice of the public key and the private key.
- The encryption and decryption algorithm.

RSA algorithm
The RSA algorithm is based on mathematical exponentiations, which are very time consuming. In comparison to DES, RSA is more than 100 times slower in software and between 1,000 to 10,000 times slower in hardware than DES. Because of this disadvantage, RSA is usually used in combination with DES (i.e. RSA is used first to encrypt and send the DES secret key; later, the messages between the sender and the receiver are encrypted using the shared secret key). A similar technique is used in the SSL protocol.
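The combination described on this slide, as an added example that is not part of the original slides: one slow RSA operation wraps a random session key, and every later message uses the fast shared key. It assumes Python 3.8+, a constructed toy RSA key, textbook RSA without padding, and a SHA-256 counter-mode keystream standing in for DES (the standard library has no DES); all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key for the receiver, built from publicly known
# Mersenne primes: fine for showing the arithmetic, worthless as a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent d

def wrap_session_key(n: int, e: int):
    """Sender: pick a random 128-bit session key and encrypt it with RSA."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped

def unwrap_session_key(wrapped: int, n: int, d: int) -> bytes:
    """Receiver: recover the session key with the RSA private exponent."""
    return pow(wrapped, d, n).to_bytes(16, "big")

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption: replaces DES on the slide).

    XORs data with SHA-256(key || nonce || offset) blocks. The same call
    encrypts and decrypts. It gives no integrity protection, and a nonce
    must never be reused under the same key.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

if __name__ == "__main__":
    sender_key, wrapped = wrap_session_key(N, E)      # one RSA operation
    receiver_key = unwrap_session_key(wrapped, N, D)
    for i, msg in enumerate([b"first message", b"second, longer message " * 4]):
        nonce = i.to_bytes(12, "big")                 # fresh nonce per message
        ct = keystream_xor(sender_key, nonce, msg)    # symmetric from here on
        print(keystream_xor(receiver_key, nonce, ct) == msg)
```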

Signature
A handwritten signature is used to authenticate the identity of the sender and to guarantee that the message has not been changed. It is also used as evidence against sender repudiation. A digital signature is the electronic equivalent of the written signature.

Digital signature and message integrity
Encryption and decryption are essentially used to achieve confidentiality. But they are computationally expensive, and in many cases confidentiality is not needed. For example, two routers exchanging routing tables don't need secrecy; instead they need to authenticate the sender and to ensure that the message has not been changed en route (message integrity). This is why digital signatures are used.

Digital signature
In the case of symmetric key cryptography, there is a single shared secret key. The fact that the sender knows the secret key implicitly identifies the sender to the receiver. In the case of public key cryptography, however, this is no longer true, since anyone can claim to be Ali, encrypt a message using Bacil's public key and send it to Bacil. To solve this problem, the digital signature was developed.

Digital signature
We can carry out a digital signature by encrypting the data with the private key of the sender (and if we want to achieve confidentiality too, we also have to encrypt the result with the public key of the receiver). This is not a good idea. Why?

Digital signature
A more efficient approach is to use the "Message Digest" technique. A Message Digest (sometimes called a Hash Value) is somewhat like a checksum, used to ensure that the message was not changed en route. A Message Algorithm (sometimes called a Hash Function) is an algorithm that takes a message m and computes a fixed-length fingerprint of the data from it, known as the "message digest", H(m).

Digital signature
The idea here is that the message digest H(m) of the message m is an indicator of whether the message has been changed during transmission or not.
- If m is changed to m', we will find that H(m) ≠ H(m').
- In fact, any change in m will result in a completely different H(m).
- It is almost impossible for two different messages to have the same H(m), and it is infeasible to compute m from its H(m).

Digital signature
Let's suppose that Ali wants to sign a message to ensure that Bacil will receive it unchanged.
Ali: Calculate H(m) of the message m. Then encrypt H(m) using Ali's private key.
Insecure channel (Ali to Bacil): m, plain or encrypted with B's public key, + H(m) encrypted with A's private key.
Bacil: Retrieve m and H(m), then calculate H(m) for m. Compare the computed H(m) with the received H(m). If they are equal, the message was not changed.
- If the H(m) computed at the receiver and the H(m) received are equal, this confirms that the message was not changed during transmission (message integrity).
- Since the H(m) was encrypted using the private key of the sender, this authenticates the sender.
* This is basically the digital signature.

Standards for hash functions:
- The Secure Hash Algorithm (SHA-1): this algorithm produces a message digest of 160 bits from the message.
- MD5: produces a 128-bit message digest.
- The Digital Signature Algorithm (DSA): adopted by the government of the United States.
* Many countries have passed laws making digital signatures as legally binding as normal handwritten signatures.

Key distribution and certification
The main disadvantage of symmetric key cryptography is the need for the two communicating parties to agree upon the secret key before they begin to communicate. In public key cryptography there is no need to agree on a secret key in advance. But one of the problems in public key cryptography is obtaining the public key securely (in other words, how can you be sure that the public key of Ali really belongs to Ali, and not to someone else claiming to be Ali?). These problems can be solved using a trusted intermediary.

Key distribution and certification
The trusted intermediary for symmetric key cryptography is called a Key Distribution Center (KDC). It is a server that is used to establish a symmetric key for one party and then send it securely to the other party. An example is Kerberos.
The trusted intermediary for asymmetric key cryptography is called a Certification Authority (CA). The Certification Authority certifies that a public key really belongs to a particular entity. The CA's job is to validate identities and to issue certificates. The certificate binds a public key to its owner. (The certificate is also digitally signed by the CA.)
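The hash-then-sign exchange between Ali and Bacil and the CA-signed certificate described on these slides, as one added example that is not part of the original slides. It assumes Python 3.8+, constructed toy RSA keys, textbook RSA without padding, and SHA-256 as H (the SHA-1 and MD5 functions named on the slides both have known collision attacks); the function names and the simplified certificate layout are hypothetical and are not X.509.

```python
import hashlib

def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Toy RSA key pair: public (n, e), private d. Textbook RSA, no padding."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(message: bytes) -> int:
    """H(m): SHA-256 digest as an integer (smaller than every n used here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, key: dict) -> int:
    """Sender: 'encrypt' H(m) with the private exponent d."""
    return pow(digest(message), key["d"], key["n"])

def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Receiver: recover H(m) with the public key, compare with own H(m)."""
    return pow(signature, e, n) == digest(message)

def issue_certificate(ca_key: dict, owner: str, n: int, e: int) -> dict:
    """CA: bind an owner name to a public key by signing both together."""
    body = f"{owner}|{n}|{e}".encode()
    return {"owner": owner, "n": n, "e": e, "ca_sig": sign(body, ca_key)}

def check_certificate(cert: dict, ca_n: int, ca_e: int) -> bool:
    """Anyone holding the CA public key can check the binding."""
    body = f"{cert['owner']}|{cert['n']}|{cert['e']}".encode()
    return verify(body, cert["ca_sig"], ca_n, ca_e)

# Constructed keys from publicly known Mersenne primes: they show the
# arithmetic only and give no security.
ALI = make_key(2**521 - 1, 2**607 - 1)
CA = make_key(2**607 - 1, 2**1279 - 1)
IMPOSTOR = make_key(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    m = b"routing table v42"                                  # constructed message
    sig = sign(m, ALI)
    print(verify(m, sig, ALI["n"], ALI["e"]))                 # unchanged message
    print(verify(m + b"!", sig, ALI["n"], ALI["e"]))          # changed en route
    print(verify(m, sign(m, IMPOSTOR), ALI["n"], ALI["e"]))   # wrong private key
    cert = issue_certificate(CA, "Ali", ALI["n"], ALI["e"])
    forged = dict(cert, n=IMPOSTOR["n"])                      # key swapped in
    print(check_certificate(cert, CA["n"], CA["e"]))
    print(check_certificate(forged, CA["n"], CA["e"]))
```

Only the genuine message and the genuine certificate verify; a changed message, a signature made with another private key, and a certificate whose public key was swapped are all rejected.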

Certification
The most famous format for certificates today is called X.509. With the recent boom in e-commerce, there has been increased interest in certification authorities. Among the companies providing CA services are Cybertrust, Netscape, Thawte and VeriSign.

Certificates