Published by Kelly Bennett. Modified over 9 years ago.
©Brooks/Cole, 2003. Chapter 16: Security
Objectives. After reading this chapter, the reader should be able to:
- Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.
- Understand how these aspects can be achieved using encryption and decryption.
- Understand the difference between secret-key and public-key encryption.
- Realize how a digital signature can provide authentication, integrity, and nonrepudiation.
Figure 16-1 Aspects of security
- Privacy: only the sender and the receiver of the message are able to understand its contents.
- Authentication: the receiver needs to be sure of the sender's identity.
- Integrity: the contents of the message must not be changed during transmission.
- Non-repudiation: a secure system must be able to prove that the sender actually sent the message, so the sender cannot later deny it.
16.1 Privacy
Privacy. Privacy can be achieved using encryption/decryption methods. There are two categories of encryption/decryption: secret key and public key.
Figure 16-2 Secret key encryption. Plaintext: the data before encryption. Ciphertext: the data after encryption. Note that secret key encryption algorithms are often referred to as symmetric encryption algorithms.
Note: In secret key encryption, the same key is used for encryption and decryption, and the decryption algorithm is the inverse of the encryption algorithm.
An example: DES (Data Encryption Standard). DES encrypts and decrypts at the bit level. The plaintext is broken into blocks of 64 bits, and each block is encrypted using a 56-bit key (Fig. 16-3). Every bit of the ciphertext depends on every bit of the plaintext and every bit of the key, so it is very difficult to infer the bits of the plaintext from the bits of the ciphertext.
Figure 16-3 DES: Data Encryption Standard
- Stages 1, 18, and 19 of the algorithm are just permutation operations.
- Stages 2 to 17 are sixteen identical stages (rounds).
- The right 32 bits of a stage become the left 32 bits of the next stage.
- The left 32 bits of a stage are combined (XOR) with a key-dependent scrambling of the right 32 bits and become the right 32 bits of the next stage.
- The scrambling is complex and beyond the scope of this book.
Privacy with secret key (for example, DES)
- Advantage: efficiency. Secret key algorithms are fast, so they are very good candidates for long messages.
- Disadvantages: each pair of users must have its own secret key, so N people need N(N-1)/2 secret keys, and distributing a key between two parties can be difficult.
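The stage structure of Figure 16-3 and the note that decryption is the inverse of encryption with the same key are easier to see in code. The following is an added example written for this page, not the textbook's code and not DES itself: it keeps the DES block size, the 16 identical stages and the 32-bit swap, but replaces the DES key schedule and the scrambling function with SHA-256-based stand-ins (an assumption made so the block stays short) and omits the initial and final permutations (stages 1 and 19). The names round_keys, scramble, feistel, encrypt_block, decrypt_block and bits_changed are the example's own.

```python
import hashlib

BLOCK_BITS = 64                      # DES block size: the plaintext is cut into 64-bit blocks
HALF_BITS = 32
HALF_MASK = (1 << HALF_BITS) - 1
ROUNDS = 16                          # the identical stages 2 to 17 of Figure 16-3


def round_keys(key: bytes) -> list:
    """One 32-bit subkey per stage. Stand-in for DES's key schedule (assumption, not the DES schedule)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big") for i in range(ROUNDS)]


def scramble(half: int, subkey: int) -> int:
    """The key-dependent scrambling f(R, K). DES builds it from expansion, S-boxes and a permutation;
    this stand-in hashes the half block together with the subkey, which is enough to show the structure."""
    material = half.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(material).digest()[:4], "big")


def feistel(block: int, subkeys: list) -> int:
    """Stages 2 to 17 followed by the 32-bit swap (stage 18). The initial and final permutations
    (stages 1 and 19) are omitted: they reorder bits but add no secrecy."""
    if not 0 <= block < 1 << BLOCK_BITS:
        raise ValueError("block must be 64 bits")
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in subkeys:
        # right half of this stage becomes the left half of the next;
        # left half XOR f(right half, subkey) becomes the right half of the next
        left, right = right, left ^ scramble(right, k)
    return (right << HALF_BITS) | left      # final swap makes decryption the same procedure


def encrypt_block(key: bytes, block: int) -> int:
    return feistel(block, round_keys(key))


def decrypt_block(key: bytes, block: int) -> int:
    """Same key, same algorithm, subkeys applied in reverse order: the inverse of encryption."""
    return feistel(block, round_keys(key)[::-1])


def bits_changed(a: int, b: int) -> int:
    """Hamming distance, used to observe that one flipped plaintext bit changes about half of the ciphertext bits."""
    return bin(a ^ b).count("1")
```

Run decrypt_block(key, encrypt_block(key, block)) to confirm the round trip, and compare encrypt_block(key, block) with encrypt_block(key, block ^ 1) with bits_changed to see the avalanche property the slide describes. The structure is the point here, not the security: real DES is no longer considered safe because its 56-bit key can be searched exhaustively with modern hardware, and AES is used in its place.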
Figure 16-4 Public key encryption. The whole idea of this method is that two different keys are used: a public key, which anyone may use to encrypt, and a private key, known only to the receiver, which decrypts. The sender and receiver therefore no longer need to share a secret, and the decryption step is not simply the encryption step run backwards with the same key.
An example: RSA (Rivest-Shamir-Adleman) encryption.
- The private key is a pair of numbers (N, d).
- The public key is a pair of numbers (N, e).
- Encryption: C = P^e mod N, where P is the plaintext and C is the ciphertext.
- Decryption: P = C^d mod N (Fig. 16-5).
Figure 16-5 RSA. An intruder who knows the public key (N, e) could try to guess the value of d. A major concept of the RSA algorithm is therefore the use of very large numbers for N (and so for d and e), so that neither guessing d nor recovering it by factoring N is feasible.
Choosing public and private keys. Procedure:
1. Choose two large prime numbers, p and q.
2. Compute N = p × q.
3. Choose e (less than N) such that e and (p - 1) × (q - 1) are relatively prime (they have no common factor other than 1).
4. Choose d such that (e × d) mod [(p - 1) × (q - 1)] is equal to 1.
Example: p = 5, q = 7, N = 35, e = 11, …
RSA. Advantages: individuals can post their public key on their Web site, and the number of keys is only twice the number of users. Disadvantage: the complexity of the algorithm; calculating the ciphertext from the plaintext with long keys takes a lot of time.
Figure 16-6 Combination. The public key is used to encrypt the secret key; the secret key is used to encrypt the message.
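The four-step key procedure, the encryption and decryption formulas of Figure 16-5, the reason N must be large, and the combination of Figure 16-6 can all be exercised in one short program. This is an added example, not code from the textbook; it uses textbook ("raw") RSA exactly as the slides state it, which a real system would not do without padding. Assumptions beyond the page: primes are found with the Miller-Rabin test, the modular inverse uses Python's pow(e, -1, m) (Python 3.8 or later), and a SHA-256 counter-mode keystream stands in for DES as the secret key cipher. All function names are the example's own.

```python
import hashlib
import os
import random
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test (standard method, not from the slides) for step 1, 'choose two large primes'."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Odd candidate from the OS random source with the top bit set, retried until it passes the test."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(p: int, q: int, e: int):
    """Steps 2 to 4 of the slide procedure. Returns ((N, e), (N, d)): public key, private key."""
    N = p * q                                   # step 2
    phi = (p - 1) * (q - 1)
    if not (1 < e < N and gcd(e, phi) == 1):    # step 3: e coprime to (p-1)(q-1)
        raise ValueError("e must be less than N and coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                         # step 4: (e*d) mod (p-1)(q-1) == 1 (Python 3.8+)
    return (N, e), (N, d)


def generate_keys(bits: int = 512, e: int = 65537):
    """Whole procedure with fresh random primes; retries the rare case where e shares a factor with phi."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return rsa_keygen(p, q, e)


def rsa_encrypt(public, P: int) -> int:
    N, e = public
    if not 0 <= P < N:
        raise ValueError("plaintext block must be smaller than N")
    return pow(P, e, N)                         # C = P^e mod N


def rsa_decrypt(private, C: int) -> int:
    N, d = private
    return pow(C, d, N)                         # P = C^d mod N


def recover_private_key(public):
    """Figure 16-5: with a small N the intruder does not guess d, they factor N and recompute it."""
    N, e = public
    for p in range(2, int(N ** 0.5) + 1):
        if N % p == 0:
            return (N, pow(e, -1, (p - 1) * (N // p - 1)))
    raise ValueError("N has no small factor")


def keystream_xor(secret_key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher standing in for DES: XOR with a SHA-256 keystream in counter mode.
    Privacy only, no integrity check; the same function encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(secret_key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(public, message: bytes):
    """Figure 16-6: a fresh secret key is encrypted with the receiver's public key; it encrypts the message."""
    secret_key = os.urandom(16)
    wrapped_key = rsa_encrypt(public, int.from_bytes(secret_key, "big"))
    return wrapped_key, keystream_xor(secret_key, message)


def hybrid_decrypt(private, wrapped_key: int, ciphertext: bytes) -> bytes:
    """Receiver recovers the secret key with the private key, then decrypts the message with it."""
    secret_key = rsa_decrypt(private, wrapped_key).to_bytes(16, "big")
    return keystream_xor(secret_key, ciphertext)
```

rsa_keygen(5, 7, 11) reproduces the slide's example and yields d = 11, since 11 × 11 = 121 = 5 × 24 + 1; recover_private_key((35, 11)) finds the same d in a handful of divisions, which is the whole argument for very large N. generate_keys(512) gives a 1024-bit N, and hybrid_encrypt/hybrid_decrypt show why the combination is used: the slow public key operation is applied once to a 16-byte key, and the fast secret key cipher handles the message of any length. The combination gives privacy only; integrity and authentication are what Section 16.2 adds.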
16.2 Digital Signature
Digital signature. When an author signs a paper document, it cannot be changed afterwards without the change being noticed. When you send a document electronically, you can also sign it. A digital signature can be produced in two ways: you can sign the whole document, or you can sign a digest of the document.
Figure 16-7 Signing the whole document. Public key encryption is used with the roles of the keys reversed: the sender encrypts the whole document with their private key, and the receiver decrypts it with the sender's public key. Because only the sender holds the private key, this provides authentication, integrity, and nonrepudiation; you cannot provide these aspects of security using a secret key, since both parties know it and either of them could have produced the message. The method does not provide secrecy: anyone with the public key can read the document.
Figure 16-8 Signing the digest. A hash function reduces the document to a fixed-size digest, and only the digest is signed. The two most common hash functions at the time of writing were Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1); both have since been shown to be vulnerable to collision attacks and should not be used for new signatures, where the SHA-2 family (for example SHA-256) is used instead. Properties of a hash function:
- One-way: the digest can be created from the message, but the message cannot be recovered from the digest.
- One-to-one (collision resistant): it must be very difficult to find two messages that produce the same digest.
Figure 16-9 Sender site. The sender hashes the document to produce the digest, signs the digest with their private key, and sends the document together with the signed digest.
Figure 16-10 Receiver site. The receiver applies the sender's public key to the signed digest, recomputes the digest of the received document, and compares the two; a match shows that the document came from the holder of the private key and was not changed in transit.
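The two signing methods of Figures 16-7 to 16-10 side by side, as an added example written for this page (not the textbook's code). Assumptions beyond the page: the key pair is fixed and constructed from two Mersenne primes so that the example is reproducible (real keys use random primes of similar size; primes of a known special form are trivial to guess), SHA-256 stands in for the MD5/SHA-1 of the slides, and the whole-document method works on 64-byte blocks, each of which is smaller than N. The function names digest, sign_digest, verify_digest, sign_whole_document and open_whole_document are the example's own.

```python
import hashlib

# Constructed demo key pair (assumption: fixed primes for reproducibility, never do this for real keys).
_P, _Q = 2**127 - 1, 2**521 - 1
N_DEMO = _P * _Q                                 # about 648 bits, so a 256-bit digest is always below N
E_DEMO = 65537
D_DEMO = pow(E_DEMO, -1, (_P - 1) * (_Q - 1))    # (e*d) mod (p-1)(q-1) == 1, as in the key procedure
PUBLIC = (N_DEMO, E_DEMO)
PRIVATE = (N_DEMO, D_DEMO)

CHUNK = 64   # bytes per block for Figure 16-7: 64 * 8 = 512 bits, below the 648-bit N


def digest(message: bytes) -> int:
    """Hash function step of Figure 16-8 (SHA-256 stands in for MD5/SHA-1)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign_digest(private, message: bytes) -> int:
    """Sender site (Figure 16-9): hash the document, then apply the private key to the digest only."""
    N, d = private
    h = digest(message)
    if h >= N:
        raise ValueError("digest must be smaller than N")
    return pow(h, d, N)


def verify_digest(public, message: bytes, signature: int) -> bool:
    """Receiver site (Figure 16-10): apply the sender's public key to the signature and compare the
    recovered digest with a fresh digest of the received document."""
    N, e = public
    return pow(signature, e, N) == digest(message)


def sign_whole_document(private, message: bytes) -> list:
    """Figure 16-7: apply the private key to every block of the document, one exponentiation per block."""
    N, d = private
    return [pow(int.from_bytes(message[i:i + CHUNK], "big"), d, N)
            for i in range(0, len(message), CHUNK)]


def open_whole_document(public, blocks: list, length: int) -> bytes:
    """Anyone holding the public key recovers the document, which is why this method gives no secrecy.
    A block that does not decode to document bytes means the signature or the key is wrong."""
    N, e = public
    out = bytearray()
    for i, b in enumerate(blocks):
        size = CHUNK if i < len(blocks) - 1 else length - CHUNK * (len(blocks) - 1)
        value = pow(b, e, N)
        if value >= 1 << (8 * size):
            raise ValueError("block does not decode to a valid document block")
        out += value.to_bytes(size, "big")
    return bytes(out)
```

Signing the digest costs one private key operation regardless of document length and transmits one extra number; signing the whole document costs one operation per 64-byte block and, as open_whole_document shows, anyone with the public key reads the content. Changing a single byte of the document, or a single bit of the signature, makes verify_digest return False. A real implementation would also encode the digest with a standard padding scheme before applying the private key; the raw form used here follows the slides.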
Key terms: Authentication, Ciphertext, DES, Decryption, Digital signature, Encryption, Non-repudiation, Permutation, Plaintext, Private key, Public key, Public key encryption, RSA encryption, Secret key, Security.