Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Slides:



Advertisements
Similar presentations
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Cryptographic Technologies
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Encryption Methods By: Michael A. Scott
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Introduction to Public Key Cryptography
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
CSCI 6962: Server-side Design and Programming
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
Linux Networking and Security Chapter 8 Making Data Secure.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
CS110: Computers and the Internet Encryption and Certificates.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Encryption.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Public Key Encryption.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
Encryption CS110: Computer Science and the Internet.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
CIS 325: Data Communications1 Chapter Seventeen Network Security.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
COMP 424 Computer Security Lecture 09 & 10. Protocol ● An orderly sequence of steps agreed upon by two or more parties in order to accomplish a task ●
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
CSI-09 COMMUNICATION TECHNOLOGY SECURITY MECHANISMS IN A NETWORK AUTHOR - V. V. SUBRAHMANYAM.
Lecture Topics: 11/29 Cryptography –symmetric key (secret key) –public/private key –digital signatures.
EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Computer Communication & Networks
Secure Sockets Layer (SSL)
NET 311 Information Security
CS Introduction to Operating Systems
The Secure Sockets Layer (SSL) Protocol
Public-Key, Digital Signatures, Management, Security
Presentation transcript:

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption? What is symmetric key encryption? UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 Introduction to Operating Systems Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau

Motivation Scenario: Communicate between two endpoints over unprotected channel (e.g., network) Others can eavesdrop on channel Others can inject messages on channel Goals Provide secure communication –No one can understand message contents Provide authentication –Establish identify of sender –Ensure that message contents are not altered

Encryption Mechanism Convert data to form that does not make sense to others Terminology Clear text (plain text): Initial readable text that needs protection Cipher text: Encrypted version of clear text Steps Sender: Encrypt clear text to cipher text – Apply function with encryption key to clear text Cipher text can be stored in readable file or transmitted over unprotected channels Receiver: Decrypt cipher text to clear text –Apply function with decryption key to cipher text Based on factoring very large numbers (product of two primes)

Necessary Conditions 1) Decryption function or key remains secret If encryption and decryption keys are identical, cannot leak either key 2) Encryption function cannot be easily inverted 3) Encryption and decryption must be done is safe place Trusted Computing Base (TCB) Clear text must never be leaked outside of TCB

Public Key Encryption RSA algorithm (Rivest, Shamir, Adleman) Two keys for every user Public key: Known by everyone Secret (private) key: Known only by user Requirements Cannot derive one from knowing the other Public and secret keys are inverses of each other –Encode with secret key of A --> decode with public key of A {{Msg} SA } PA --> Msg –Encode with public key of A --> decode with secret key of A {{Msg} PA } SA --> Msg

Security with Public Keys Secure communication: Ensure that no one can read content of messages Example: A sends Msg to B A->B: {Msg} PB B can decode {Msg} PB with SB No one else but B can decode Msg Anyone can send messages to B

Authentication with Public Keys Authentication: Reliably identify the sender of a message Example: A sends to B; B must know A sent message A->B: {Msg} SA B can decode {Msg} SA with PA No one else but A could have encoded a valid message Use for electronic signatures Provides positive identification Example: “I agree to pay Mary $100 per year for life” If message can be decrypted with your public key, then written by you Anyone can verify author of message

Security and Authentication with Public Keys Require both security and authentication, then combine both strategies Example: A sends a message to B that only B can read; B knows that only A could have created message A->B: {{Msg} PB } SA B: How does it decode {{Msg} PB } SA to get {Msg} PB ? B: How does B decode {Msg} PB to get Msg? Would A->B: {{Msg} SA } PB work?

Example with Public Keys How to encrypt message given following requirements: All communication channels are insecure Three parties involved –P (professor): Original sender of message –S (student): intermediary of message –E (employer): final receiver of message 1) Only E can read message 2) E must know that the message was written by P 3) Message must pass through S before getting to E –P ensures that S gives approval How?

Potential Limitations of Encryption How do you trust public keys? You hear “A’s public key is K” Problem: Who said this? What if K is really C’s public key? Solution: Authentication Server (AS) everyone trusts Everyone knows public key of authentication server (PAS) AS->B: {Public key of A is PA} SAS B decodes with PAS and know only AS could have sent message Used by HTTPS and Secure Socket Layer (SSL) Certificate from server A –{AS, A, PA, time} SAS

More Problems with Encryption Eavesdroppers can replay old messages Replaying can confuse parties or cause unwanted behavior (even though eavesdropper doesn’t know what they are replaying) Solution: Sequence numbers (nonces) or timestamps in messages Relatively slow to encode and decode messages Single private key is faster

Symmetric Key Encryption Also called Single key or Private key encryption Example: Advanced Encryption Standard (AES), Data Encryption Standard (DES) Idea: Associate conversation key (CK) with session between two users Same key used for both encoding and decoding {{Msg} CK } CK --> Msg Problem: How do you exchange conversation key? Cannot send private key over insecure channel! Example: A wants to talk securely with B, B must authenticate A is sender (do not worry about replay attacks) Simplified Solution #1: Use public key encryption to exchange session key –A->B: {A, {CK} SA } PB

Exchanging Conversation Keys Solution #2 Each user has private key, Ki Authentication server knows private keys of all users Simplified algorithm: A asks authentication server for a CK with B –A->AS: B AS replies with new conversation key, CK –AS->A: {CK, {A,CK} KB } KA –If decrypted msg makes sense, only AS could have sent –Only A can decrypt message and get CK A sends message to B telling it CK –A->B: {A,CK} KB –No one could modify message to change name of sender from A Who can listen to conversation?

Secure Signatures Problem: How to know if binary file is modified in transit? Could encrypt entire file, but slow if not concerned with eavesdropping Solution: Secure checksum, message digest, digital fingerprint Function(Msg) --> large integer (e.g., 1024 bits) Difficult for adversary to find another msg that maps to same integer Example: A sends file to B A calculates checksum of file; ask AS to encrypt A sends file and encrypted checksum to B B receives file and computes checksum B ask AS to decode encrypted checksum so it can compare

Encryption Safety How safe is encryption? Can private keys be found? Crack with brute force guessing, use many machines –Look for understandable text in decoded version Safety depends on length of keys –DES 56 bit keys --> 2 56 possible keys Cracked in < 24 hours –AES has 128 bit keys Solutions Upgrade encryption (key length) as machines become faster Remove known patterns from clear text –(e.g., compress text first) Do not send large amounts of data with same key –Change keys frequently

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.