Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography and the Internet Daryl Banttari

Published byKyle Keating Modified over 11 years ago

Similar presentations

Presentation on theme: "Cryptography and the Internet Daryl Banttari"— Presentation transcript:

1 Cryptography and the Internet Daryl Banttari daryl@windsorcs.com

2 Introduction n Cryptography u There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter. --Bruce Schneier, preface, Applied Cryptography, Second Ed http://www.counterpane.com/actoc.html

3 Topics of Discussion n Types of Cryptography n Applications to the Internet u SSL u Digital Signatures u Digital Signatures and SSL u E-Mail Encryption and Authentication (PGP)

4 Types of Cryptography n Cryptographically Strong Hash Functions (MD5) n Symmetric Key (Conventional) Encryption n Public Key Encryption

5 The MD5 Hash Algorithm n Turns an arbitrary string into a 128-bit Message Digest or Hash n Always creates the same hash when given the same string n Impossible * to create a string from a hash or to alter a string and produce the same hash n Commonly used to verify that files are unaltered http://www.faqs.org/rfcs/rfc1321.html *Impossible: read Practically Impossible. It is believed to require 2 128 operations to produce a message that would create a given digest. Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575 Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826 Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

6 Symmetric Encryption n Proven and Secure n Fast n Uses the same key to decrypt as was used to encrypt n Requires out of band communication to exchange the key

7 Public Key Encryption n Pioneered by Whitfield Diffie and Martin Hellman in 1975. n Data encrypted with the Public key can only be decrypted with the Private key, even by the encrypter n Data encrypted with Private key can only be decrypted by the Public key n Commonly used to exchange a conventional session key n Public key encryption algorithms include RSA, DSA, Diffie-Hellman, Blowfish

8 SSL n Secure Server gives its Public key to the client n The client generates a conventional Session key n The client encrypts Session key with servers Public key n The rest of the communication uses Session key for speed http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

9 Digital Signatures n MD5 Hash created of document n Hash in encrypted with Private key and appended to document n If the hash you decrypt using the senders Public key matches your own hash of the document: u The document must have been unaltered in transit u The document must have come from the sender n The combination of hash and private key is a Digital Signature

10 SSL Certificate Signing n Encryption does not equal authentication n Some means needed of ensuring consumer that they are sending their credit card number to the people they expect, not some lookalike Web server n Verisign et al diligently ensure the public key belongs to a given organization u Attach organization info and expiration date to public key u Digitally sign public key with attached info u Public key of major certificate signers shipped with browsers

11 E-Mail Encryption and/or Authentication n PGP is an open, reasonably easy method of applying digital signatures and encryption to e- mail n People and organizations can sign a message that can then can be verified for authenticity by their public key n PGP uses session keys like SSL, so messages can be encrypted to multiple recipients without multiplying size of message- think of a keyed safe with multiple lock-boxes attached n You must have public key of recipient to encrypt an e-mail to them, which makes encryption to mailing lists, newsgroups, etc. unfeasible http://www.pgpi.org/doc/pgpintro/

12 PGP Web of Trust n Anyone can upload keys to Key Servers-- even fake keys n If you can verify that a key belongs to its owner, you can sign that key, indicating that you have verified ownership n The Web of Trust is established by people signing other peoples keys; if you trust Person A to diligently verify identity of keys, and Person A signed Person Bs key, then you can trust that Person Bs key is authentic

13 ColdFusions hash() Function n Available with CF4.5 n Generates md5 hashes of strings in hex format (use char(32) to store) n Useful for storing passwords so they cant be read or recreated n Append an arbitrary string to salt the password hash to prevent hash dictionary attacks Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575 Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826 Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

14 Summary n An understanding of why encryption works is not necessary for an understanding of how it works n Although encryption and digital signature technology seem daunting, the processes are conceptually simple

15 What do I do with this info? n Hash passwords n Use encryption and authentication methods for secure processes n Evangelize!

Download ppt "Cryptography and the Internet Daryl Banttari"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Isiah Collins. mathematical scheme for demonstrating the authenticity of a digital message or document. (Wiki) A way to protect important documents sent.

Isiah Collins. mathematical scheme for demonstrating the authenticity of a digital message or document. (Wiki) A way to protect important documents sent.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
23 Oct 20081 PKI for the Mystified Introduction to Public Key Infrastructure and Cryptography Ivaylo Kostadinov.

23 Oct PKI for the Mystified Introduction to Public Key Infrastructure and Cryptography Ivaylo Kostadinov.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Similar presentations

Ads by Google