Published by Lucca Farinha Tavares. Modified over 6 years ago.
1
Chapter 7 STRENGTH OF ENCRYPTION & Public Key Infrastructure
CISSP Study Guide BIS 4113/6113
2
Review: Asymmetric Cryptography
Users make public keys available to everyone
  Public Key Servers
Private key used for decryption held in reserve
  Only the user can decrypt the message
[Diagram: plaintext (P) is encrypted with the Receiver’s Public Key into ciphertext (C), sent over the Internet, and decrypted with the Receiver’s Private Key back into plaintext (P)]
4
Asymmetric Encryption
To encrypt my personal info, credit card info, and order info, my browser retrieves Whole Foods’ ______________. (Answer: public encryption key)
My information is converted from plain text into ______________. (Answer: cipher text)
The order goes through the unsecure network and is received by Whole Foods.
In order to convert the order back to plaintext, Whole Foods uses its ________________________. (Answer: private decryption key)
5
PKI Operations
1 B makes its public key widely available (say through the Internet)
2
3 No security hole is created by distributing the public key, since B’s private key has never been distributed.
[Diagram labels: message sender, message recipient]
6
Message Source Authentication: Digital Signatures (p.243)
Enforce non-repudiation
Ensure message integrity during transmission
7
Certificate Authority (p.244)
8
Transmission with Digital Signatures
[Diagram labels: Signed signature; Digital Signature only; Authenticated signature]
9
Which key should I use? (p.241)
If you want to encrypt a message: Use recipient’s public key
If you want to decrypt a message sent to you: Use your private key
If you want to digitally sign a message: Use your private signature
If you want to verify a message sent to you: Use the sender’s public signature
10
RSA Encryption (p )
Used by Microsoft, Nokia, Cisco, and 90% of Fortune 500
Works using “large” prime numbers
Choose two: p and q
  200 digits each
n = p * q
Select another number (e)
  e is less than n
  e is prime
  e and (p-1) * (q-1) have no common factors
Select another number (d)
  (e*d – 1) mod ((p-1)(q-1)) = 0
e and n are public keys, d is private key (1088 bit)
CT = PT^e mod n
PT = CT^d mod n
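The key-generation steps on this slide, combined with the key choices from the "Which key should I use?" slide, as an added Python example that is not part of the original presentation. It assumes toy primes 61 and 53 and textbook RSA without padding, so it shows the arithmetic only; the function names are illustrative.

```python
# Added illustration (not from the slides): textbook RSA with toy primes.
# No padding and tiny keys, so this shows the arithmetic only.
from math import gcd

def make_keypair(p, q):
    """Follow the slide's steps; return ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # Smallest odd e > 1 sharing no common factor with (p-1)(q-1).
    e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    # d is chosen so that (e*d - 1) mod ((p-1)(q-1)) == 0.
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)

def encrypt(pt, recipient_public):
    """To encrypt a message: use the recipient's public key."""
    e, n = recipient_public
    if not 0 <= pt < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(pt, e, n)  # CT = PT^e mod n

def decrypt(ct, own_private):
    """To decrypt a message sent to you: use your private key."""
    d, n = own_private
    return pow(ct, d, n)  # PT = CT^d mod n

def sign(digest, own_private):
    """To sign: apply your private exponent to the message digest."""
    d, n = own_private
    return pow(digest % n, d, n)

def verify(digest, signature, sender_public):
    """To verify: undo the signature with the sender's public exponent."""
    e, n = sender_public
    return pow(signature, e, n) == digest % n

if __name__ == "__main__":
    public, private = make_keypair(61, 53)  # constructed toy primes
    ct = encrypt(65, public)
    print("public:", public, "private:", private)
    print("ciphertext:", ct, "decrypted:", decrypt(ct, private))
    sig = sign(1234, private)  # 1234 stands in for a message digest
    print("signature valid:", verify(1234, sig, public))
    print("tampered digest valid:", verify(1235, sig, public))
```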
11
Strength of Encryption
Key length (or key size)
  Measured in bits
  Key of n bits = 2^n possible keys
  Algorithm cannot be larger than key size, but can be smaller
Encryption as a weapon?
  Export Administration Regulations (EAR)
  Limits: 64 bit symmetric, 768 bits asymmetric
12
Breaking encryption: Brute force
56 bit encryption considered insufficient
RSA Secret Key Challenge (1997)
  56 bit key broken in 250 days
    “It’s time to move to a longer key length”
  64 bit key broken in 5 years (1000s of PCs)
    “Some things are better left unread”
Distributed.net: RC5-72 challenge
Asymmetric key information in public key helps
Keys with 128 bits are practically unbreakable
SSL bits (next slides)
Federal minimum for top secret info: 256 bits
15
“P2PE”
16
Secure Sockets Layer (SSL)
[Diagram: layer stack, top to bottom: Application, SSL, Transport, Network, Data Link, Physical]
A protocol widely used on the Web
Operates between the application and transport layers
Early versions were 40 bit keys
Google SSL: 2048 bit
Operations of SSL
  Negotiation for PKI
    Server: Sends its public key and the encryption technique to be used (e.g., RC4, DES)
    Browser: Generates a key for this encryption technique and sends it to the server (by encrypting it with the server’s public key)
  Communications
    Encrypted by using the key generated by the browser
17
Digital Rights Management (p.252-254)
Encryption used to enforce copyright standards for digital media
  Music
  Movie
  E-books
  Documents
  Video games
Steve Jobs’ open letter against DRM (2/6/2007)
  “The problem, of course, is that there are many smart people in the world, some with a lot of time on their hands, who love to discover such secrets and publish a way for everyone to get free (and stolen) music. They are often successful in doing just that, so any company trying to protect content using a DRM must frequently update it with new and harder to discover secrets. It is a cat-and-mouse game.”