Presentation is loading. Please wait.

Presentation is loading. Please wait.

10 – 12 APRIL 2005 Riyadh, Saudi Arabia. Encryption in Detail: The Inner Workings Murat Lostar NOSPAM com) Information Security Consultant.

Published byNigel Mosley Modified over 9 years ago

Similar presentations

Presentation on theme: "10 – 12 APRIL 2005 Riyadh, Saudi Arabia. Encryption in Detail: The Inner Workings Murat Lostar NOSPAM com) Information Security Consultant."— Presentation transcript:

1 10 – 12 APRIL 2005 Riyadh, Saudi Arabia

2 Encryption in Detail: The Inner Workings Murat Lostar (murat@lostar NOSPAM com) Information Security Consultant

3 Cryptography The art of secret message writing. Creating texts that can only be read by authorized individuals only.

4 Simple Cryptography   Plaintext Key Ciphertext

5 Caesar Cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVWXYZABCDEFGHIJKLM THE GOTHS COMETH rotate 13 positions FUR TAFUE PAYRFU Plaintext Key Ciphertext 13

6 ABCDEFGHIJKLMNOPQRSTUVWXYZ BCDEFGHIJKLMNOPQRSTUVWXYZA CDEFGHIJKLMNOPQRSTUVWXYZAB DEFGHIJKLMNOPQRSTUVWXYZABC EFGHIJKLMNOPQRSTUVWXYZABCD FGHIJKLMNOPQRSTUVWXYZABCDE GHIJKLMNOPQRSTUVWXYZABCDEF HIJKLMNOPQRSTUVWXYZABCD... Rotating Key Cipher SOUND THE RETREAT DEADFED VSUPC XKG UEWWEX plaintext key ciphertext

7 General Principles Longer keys make better ciphers Random keys make better ciphers Good ciphers produce “random” ciphertext Best keys are used once and thrown away

8 Symmetric (Private Key) Cryptography 8 Examples: AES, DES, RC5, IDEA, Skipjack Advantages: fast, ciphertext secure Disadvantages: must distribute key in advance, key must not be disclosed

9 DES: Data Encryption Standard Widely published & used - federal standard Complex series of bit substitutions, permutations and recombinations Basic DES: 56-bit keys Crackable in about a day using specialized hardware Triple DES: effective 112-bit key Stronger

10 AES (Rijndael) Standard replacement for DES for US government, and, probably for all of us as a result… Winner of the AES (Advanced Encryption Standard) competition run by NIST (National Institute of Standards and Technology in US) in 1997-2000 Comes from Europe (Belgium) by Joan Daemen and Vincent Rijmen. “X-files” stories less likely (unlike DES). Symmetric block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too) Fast and a lot of good properties, such as good immunity from timing and power (electric) analysis Construction deceptively similar to DES (XORs etc.) but really different

11 Asymmetric (Public Key) Cryptography 8 8 u Examples: RSA, Diffie-Hellman, ElGamal u Advantages: public key widely distributable, does digital signatures u Disadvantages: slow, key distribution

12 RSA Algorithm patented by RSA Data Security Uses special properties of modular arithmetic C = P e (mod n) P = C d (mod n) e, d, and n all hundreds of digits long and derived from a pair of large prime numbers Keys lengths from 512 to 4096 bits

13 Symmetric vs. Asymmetric Encryption Algorithm TypeDescription Symmetric (DES, TripleDES, AES, IDEA, RC2…) Uses one key to: Encrypt the data Decrypt the data Is fast and efficient Requires secure transfer of key Asymmetric (RSA, DH, DSA, ElGammal) Uses two mathematically related keys: Public key to encrypt the data Private key to decrypt the data Is slower than symmetric encryption Solves key distribution problem Hybrid (RSA/AES etc.) Symmetric encryption of data Asymmetric encryption of the symmetric key

14 Hybrid Encryption (Real World) As above, repeated for other recipients or recovery agents Digital Envelope Other recipient’s or agent’s public key (in certificate) in recovery policy Launch key for nuclear missile“RedHeat”is... Symmetric key encrypted asymmetrically (e.g., RSA) Digital Envelope User’s public key (in certificate) RNG Randomly- Generated symmetric “session” key Symmetric encryption (e.g. DES) *#$fjda^ju539!3t t389E *&\@ 5e%32\^kd

15 *#$fjda^ju539!3t 5e%32\^kd Launch key for nuclear missile“RedHeat”is... Launch key for nuclear missile“RedHeat”is... Symmetric decryption (e.g. DES) Digital Envelope Asymmetric decryption of “session” key (e.g. RSA) Symmetric “session” key Session key must be decrypted using the recipient’s private key Digital envelope contains “session” key encrypted using recipient’s public key Recipient’s private key Hybrid Decryption

16 Public Key Encryption: The Frills Frill (add-on)Technique Fast encryption/decryptionDigital envelopes Authentication of senderDigital signature Verification of message integrityMessage digests Safe distribution of public keysCertifying authorities

17 Digital Envelopes 88 session key public key private key

18 Digital Signatures 88 public key private key

19 Message Digests sender’s public key sender’s private key hash

20 Verifying Simple Data Integrity with Hashes (Message Digests) User A User B Data Hash Value Hash Algorithm Data Hash Value Hash Algorithm If hash values match, data is valid User A sends data and hash value to User B

21 Creating a Digital Signature Hash Function (SHA, MD5) Jrf843kjfgf* £$&Hdif*7o Usd*&@:<C HDFHSD(** Py75c%bn&*)9|fDe^b DFaq#xzjFr@g5=&n mdFg$5knvMd’rkveg Ms” This is a really long message about Bill’s… Asymmetric Encryption Message or File Digital Signature 128 bits Message Digest Calculate a short message digest from even a long input using a one-way message digest function (hash) Signatory’s private key private

22 Verifying a Digital Signature Jrf843kjf gf*£$&Hd if*7oUsd *&@:<CHD FHSD(** Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” Asymmetric decryption (e.g. RSA) Everyone has access to trusted public key of the signatory Signatory’s public key Digital Signature This is a really long message about Bill’s… Same hash function (e.g. MD5, SHA…) Original Message Py75c%bn&*) 9|fDe^bDFaq #xzjFr@g5= &nmdFg$5kn vMd’rkvegMs” ? == ? Are They Same?

23 Certifying Authorities

24 X.509 Certificate Certificate Authority Digital Signature of All Components Together: Serial Number Issuer X.500 Distinguished Name Validity Period Subject X.500 Distinguished Name Subject Public Key Information Key/Certificate Usage Extensions OU=Project Botticelli… The Key or Info About It

25 Hierarchy of Trust

26 Transmitting Public Keys 8 8

27 Future is Here: Quantum Cryptography Method for generating and passing a secret key or a random stream Not for passing the actual data, but that’s irrelevant Polarisation of light (photons) can be detected only in a way that destroys the “direction” (basis) So if someone other than you observes it, you receive nothing useful and you know you were bugged Perfectly doable up to 120km long fibre-optic link Commercial applications available as of Nov 2003 (BB84) Don’t confuse it with quantum computing, which won’t be with us for at least another 50 years or so, or maybe longer…

28 For more information The Code Book (Simon Singh) ISBN: 0385495323 RSA (www.rsa.com)www.rsa.com Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9 Foundations of Cryptography, O. Goldereich, www.eccc.uni-trier.de/eccc-local/ECCC- Books/oded_book_readme.html www.eccc.uni-trier.de/eccc-local/ECCC- Books/oded_book_readme.html

29 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "10 – 12 APRIL 2005 Riyadh, Saudi Arabia. Encryption in Detail: The Inner Workings Murat Lostar NOSPAM com) Information Security Consultant."

Similar presentations

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb stephlam@microsoft.com http://blogs.technet.com/steve_lamb.

Public Key Infrastructure – tell me in plain English AND THEN deep technical how PKI works Steve Lamb
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Crytography Chapter 8.

Crytography Chapter 8.
SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project.

SEC390 A-to-Z of Public Key Infrastructure (PKI) Rafal Lukawiecki Strategic Consultant Project.
Mostly borrowed & updated from Steve Lamb in Microsoft Land….

Mostly borrowed & updated from Steve Lamb in Microsoft Land….
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google