Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Cryptography

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to Cryptography"— Presentation transcript:

1 Introduction to Cryptography

2 Objectives A conceptual understanding of secret-key, public-key, and hashing cryptographic algorithms and how they fit into the notion of certificates and how these certificates form the basis of Public Key Infrastructure (PKI).

3 Why Cryptography Scramble data to keep it private
Detect whether data has been changed Provide proof of origin, receipt, transaction.. Provide digital identities

4 Cryptographic Functions
Three types - each with strengths and weaknesses depending upon their intended use. Secret-Key (Symmetric) Cryptography - Same shared key Public-Key (Asymmetric) Cryptography - Different but related keys Hash Function

5 Secret-Key Cryptography
Characteristics Relatively fast Poses key delivery challenges when faced with large numbers of senders/receivers Popular Implementations Data Encryption Standard (DES) 56 bit key (plus 8 parity bits) Triple DES RSA’s RC2, RC4, RC5

6 Secret-Key Cryptography
Examples of usage Encryption of bulk data and protection of ATM PINs

7 Public-Key Cryptography
Characteristics Slower than secret-key cryptography Designed to accommodate key delivery and scalability Key Strengths 512 to 2048 bits Popular Implementations RSA - encryption and digital signature El Gamal and DSS - digital signatures Diffie-Hellman -secret-key establishment

8 Public-Key Cryptography
Examples of Usage Authentication - encrypting challenge Key Distribution - encrypting session key

9 Hash Algorithms Characteristics
Message of length n - Hash Function > h (Fixed length, short number Characteristics Easy to compute There is no way to get from the hash to the original message, that is any simpler than going though all possible values of the original message and computing the hash for each one It should be computationally infeasible to find two messages that hash to the same thing. Popular implementations - SHA-1, MD2, MD4, MD5

10 Hash Algorithms Examples of Usage
System can store hashes of passwords instead of the password itself Message integrity - send messages and the hash of (message/secret-password) Digital signature

11 Digital Signatures Alice Signs with her Private Key - s / file transfer/ floppy ----> Recipient Verifies with Alice’s Public Key Definition/Characteristics A digital signature is a number associated with a message, generated using the private key of the sender Anyone with Alice’s public key can verify that it is Alice’s signature Proves the message has not been altered in any way since the signature was applied Provides non-reputable source of origin

12 Digital Signatures Popular implementations - RSA+MD5, RSA+SHA-1, DSS+SHA-1 Examples of Usage Signed mail Signed code (Java applets, Active X controls)

13 Hashes and Digital Signatures
SHA-1 Signed Alice’s Plain text h Alice signs the hash (encrypts the hash with her private key) Signed Bob decrypts the signed hash with Alice’s Public key h Bob If hashed match Only Alice could have signed Plain text did not change h Bob hashes the plain text to derive the hash

14 Certificates (x.509 V3) Question - Can I trust the Public Key?
Answer - Yes, if it backed up by some trustworthy authority. User Certificates Trusted Method to Store Public Key Binds Public Key to User CA Certificates Well Known Public Key for Signature Verification Delivered with Browser, Server, Mutually installed on Browser / Server

15 Encryption Can be employed at Different Levels
Field Level - Client Browser ---> s-HTTP Web Server Status- not supported - being dropped from products Message Level - Mail Sender ---> S-MIME /Open PGP - Mail Server - Advantage - Mail is often intended to be kept secret as an entire unit Transport Level - Client Browser ---> SSL/TLS - Web Server - Advantage - Useful when a session’s interactions needs to be kept secret Datagram Level - Firewall ---> IPSec Firewall - Advantage Encrypted pipe enables multiple sessions to be encrypted with only single IPSec setup overhead

16 Public-Key Infrastructure (PKI)

17 PKI - Continued

18 PKI - Continued

19 PKI Aspects - Establishing Trust
Need to establish trust with other CA’s divisions of a corporation trading partners suppliers competitors Trust Models Flat certificate model Hierarchical certificate model Cross-certification - allows one CA to recognize the authority of another - CAs certify each other Link X.500 directories

20 PKI Aspects - CAs & RAs Certificate Authority Registration Authority
Policy Profile CA key management Handle exceptions Support users Registration Authority Authenticate applicants Select attributer Approve and forward Request revocation Help manage policy

21 Network Security -SSL Secure Sockets Layer (SSL)
Cryptographic protocol for protecting digital communication between client & server Can also be used server to server Standard, efficient and widely deployed (Web Servers - Apache, Netscape, Microsoft -IIS …etc)

22 SSL- How it works Negotiate Options Authenticate Distribute Keys
One or Two way Authentication Which Crypto Suite Authenticate Exchange Certificate(s) Validate Certificate(s) Random Number Challenge(s) Distribute Keys Generate Secret Keys Exchange Secret Keys Flow Secure Data Encryption Modification Detection Compression

23 SSL- How it works Client Server (Alice) (Bob)
< > Negotiate Options Authenticate Distribute Keys Flow Secure Data < >

24 History of SSL/TLS SSL Version 1 - was quickly replaced by SSL version 2 . Not in use today SSL Version 2 - some security problems; 1-way (server) authentication Private Communication Technology (PCT) - Microsoft’s response to SSL 2.0. Fixes some problems, but supplanted by SSL V3. SSL version 3 - Complete redesign of SSL. Fixed the problems in previous versions and added many features Transport Layer Security (TLS) - IETF standard, based on SSL V3, under development

25 IPSec Overview A framework that provides network layer security via protection for IP datagram transit Origin authentication, integrity, confidentiality, and key management Basis for virtual private networks (VPNs) IPSec support in TCP/IP Firewall - All connections among IP-Addressable entities Involves 3 protocols: Authentication Header (AH) protocol Encapsulating security payload (ESP) ISAKMP/Oakley

26 IPSec Enables Virtual Private Networks
Via the internet, the corporate network can be securely extended to include remote nodes/networks IPSec enables a secure pipe or tunnel to be established

27 ISAKMP/Oakley Internet Security Association and Key Management Protocol IETF Standardized Framework Negotiate security associations Crypto key generation/refresh Oakley is the mandatory key management protocol within ISAKMP Essential for success/growth of VPNs Secure key exchange is most important element Automated key distribution, without manual intervention facilitates scalability

28 IPSec Modes - Tunnel and Transport
IPSec tunnel and transport work together to allow tailoring of protection: end-to-end and tunnel specific Transport modes: end-to-end original IP datagram header is used for routing intranet addresses typical example - exchanges between a server in one intranet and client in another Tunnel modes: tunnel-specific protection outer IP header created and used for routing internet addresses typical example - firewall to firewall VPN

29 IP Authentication Header (AH)
Two Modes: Transport and Tunnel Datagram content is clear text AH provides data integrity and data origin authentication Protection for entire datagram Data integrity is assured by the checksum generated by a message authentication code (MD5)

30 Encapsulating Security Payload (ESP)
Two Modes: Transport and Tunnel IP datagram can be encrypted entirely (Tunnel Mode), or payload only (transport mode) Also provides data integrity and origin authentication ESP’s encryption uses a symmetric shared key

Download ppt "Introduction to Cryptography"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.

Introduction to PKI, Certificates & Public Key Cryptography Erwan Lemonnier.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Similar presentations

Ads by Google