ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.


1 ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates

2 Introduction  Remember: the Internet is VERY insecure  Without encryption, anyone on the path between you and the other end (your ISP, a Wi-Fi operator, a compromised router) can read what you send and receive  Most of the time – not a problem  No big deal if someone knows you went to www.uncc.edu  However, a VERY big deal if someone knows your credit card number

3 Introduction  How can businesses operate properly?  Exchange data  Exchange financial information  How do you know that the “person” on the other end of a communication is really who they say they are?  Verifying identities is crucial to many activities  Without solutions to these problems the Internet becomes much less useful

4 Cryptography  Cryptography – secret writing  Altering information so anyone intercepting it cannot understand it  Three-step process  Encrypt (change plain text to ciphertext)  Transmit  Anyone intercepting sees only nonsense  Decrypt (change ciphertext back into plain text)

5 Cryptography  Key element: only recipient can change ciphertext back into plain text  Accomplished via mathematical manipulation  Treats message as a numerical sequence  Alters message using  Algorithm  Key  Result is a different numerical sequence  What gets transmitted

6 Cryptography  Algorithms produce different results if different keys are used  Guessing (or exhaustively trying) the key means the ciphertext can be decrypted  Thus, key length is important  Example: if every UNCC password were 1 alphabetic character long, could you eventually guess it? (at most 26 tries)

7 Cryptography  Why is key length important?  Example:  26 uppercase + 26 lowercase + 42 special characters & numbers = 94 characters in the “key space” (alphabet)  An 8-character password means 94^8 combinations = 6,095,689,385,410,816 possible passwords  At 1 guess per second it would take about 193,293,042 years to test them all
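The arithmetic on slide 7, as an added example that is not part of the original slides. It reproduces the 94-character, 8-character case and generalises it to other lengths and guess rates; the rates and lengths in the table are illustrative assumptions, and the 365-day year matches the slide's figure.

```python
"""Added example: how password/key length scales brute-force cost.

Reproduces slide 7 (94-symbol alphabet, 8 characters, 1 guess/second) and
generalises to other lengths and guess rates. The rates below are assumed,
illustrative numbers, not measurements.
"""
import math

# The slide's year: 365 days of 86,400 seconds (31,536,000 s).
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols from an alphabet of `charset_size`."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Size of the key space expressed in bits (log2)."""
    return length * math.log2(charset_size)


def years_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Years needed to try every candidate at a constant guess rate."""
    return keyspace(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def brute_force_table(charset_size: int = 94,
                      lengths=(1, 6, 8, 12, 16),
                      rates=(1, 1e9)) -> list:
    """One row per (length, rate): key space, bits, and years to exhaust."""
    rows = []
    for length in lengths:
        for rate in rates:
            rows.append({
                "length": length,
                "rate": rate,
                "keyspace": keyspace(charset_size, length),
                "bits": round(entropy_bits(charset_size, length), 1),
                "years": years_to_exhaust(charset_size, length, rate),
            })
    return rows


if __name__ == "__main__":
    for row in brute_force_table():
        print(f"len={row['length']:2d} rate={row['rate']:>10,.0f}/s "
              f"space={row['keyspace']:.3e} ({row['bits']} bits) "
              f"years={row['years']:.3e}")
```

The interesting row is the same 8-character space at an assumed 1e9 guesses per second: the 193 million years collapse to roughly 70 days, which is why key length (bits) matters far more than the "1 per second" intuition suggests.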

8 Cryptography  Common encryption systems  Symmetric  Sender and receiver use the same (secret) key  Asymmetric (public key – private key)  Each party has two mathematically related keys: a public key and a private key  The public key is made available to anyone; the private key is never shared  To send a confidential message, the sender encrypts with the receiver’s public key  That public key can only encrypt – it cannot decrypt what it produced; only the matching private key can

9 Cryptography  Messages encrypted with your public key  Cannot be decrypted except with your private key  Because only you know your private key, only you can decrypt messages intended for you  For confidentiality the public key is a one-way key  Encryption only (it is also used to verify signatures made with the private key, as shown later)

10 Cryptography  Process requires hash functions to work  Hash functions convert a message of any length into a short, fixed-length value (the digest) with special properties  Collision resistant: infeasible to find two different messages with the same digest  One-way: infeasible to reconstruct a message from its digest  MD5  Historically the most common algorithm  Ron Rivest, MIT (1992)  Mathematical formula translates a file into a 128-bit “message digest”, usually written as 32 hexadecimal characters  MD5 collisions can now be produced at will, so it must not be used where collision resistance matters

11 Cryptography  Example (MD5):  The quick brown fox jumps over the lazy dog → 9e107d9d372bb6826bd81d3542a419d6  The quick brown fox jumps over the lazy eog → ffd93f16876049265fbaef4da268dd0e  One changed letter changes the entire digest

12 Cryptography  Secure Hash Algorithm (SHA)  Published by NIST (designed by the NSA)  The version shown here is SHA-1: when a message of any length < 2^64 bits is input, it produces a 160-bit message digest  SHA-1 is deprecated for signatures (a collision was demonstrated in 2017); current practice is the SHA-2 family (e.g. SHA-256) or SHA-3

13 Cryptography  Example (SHA-1):  The quick brown fox jumps over the lazy dog → 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12  The quick brown fox jumps over the lazy cog → de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3
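The digests on slides 11 and 13, as an added example that is not part of the original slides. It recomputes the MD5 and SHA-1 values with Python's standard `hashlib`, adds SHA-256 (the algorithm a practitioner would use today), and counts how many digest bits a one-letter change flips; the input sentences are the slides' own, and MD5 and SHA-1 appear only because the slides use them.

```python
"""Added example: MD5, SHA-1 and SHA-256 digests of the slides' sentences,
and the 'avalanche' effect of a one-letter change.

MD5 (collisions practical since 2004) and SHA-1 (collision shown in 2017)
are reproduced here only because the slides use them; use SHA-256 or
better for anything security-relevant.
"""
import hashlib

# The slides' inputs (slide 11 uses "eog", slide 13 uses "cog").
DOG = b"The quick brown fox jumps over the lazy dog"
COG = b"The quick brown fox jumps over the lazy cog"
EOG = b"The quick brown fox jumps over the lazy eog"


def digest_hex(algorithm: str, data: bytes) -> str:
    """Hex digest of `data` under a hashlib algorithm name ('md5', 'sha1', 'sha256')."""
    return hashlib.new(algorithm, data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def compare(algorithm: str, a: bytes, b: bytes) -> dict:
    """Digest both inputs and report how much of the output changed."""
    da, db = digest_hex(algorithm, a), digest_hex(algorithm, b)
    return {
        "a": da,
        "b": db,
        "bits_changed": differing_bits(da, db),
        "bits_total": len(da) * 4,  # 4 bits per hex character
    }


if __name__ == "__main__":
    for algorithm in ("md5", "sha1", "sha256"):
        for other in (EOG, COG):
            r = compare(algorithm, DOG, other)
            print(f"{algorithm:7s} {r['a']}")
            print(f"{'':7s} {r['b']}  ({r['bits_changed']}/{r['bits_total']} bits changed)")
```

A good hash behaves like a random function: changing one input letter flips roughly half of the output bits, which is why the digest "fingerprint" cannot be adjusted by tweaking a message slightly. For file integrity or signatures, pin the algorithm name explicitly (`sha256`) rather than accepting whatever the other side names, since a downgrade to MD5 or SHA-1 reopens collision attacks.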

14 How Cryptosystems Work  [Flow diagram of the steps below, with Gabriel as sender and Mia as receiver]  Gabriel: message → hash function → message digest  Gabriel: private key encrypts the message digest → digital signature  Gabriel: random key encrypts the original message and the digital signature  Gabriel: Mia’s public key encrypts the random key → digital envelope  Mia: her private key decrypts the digital envelope → Gabriel’s random key  Mia: the random key decrypts the message and the digital signature  Mia: Gabriel’s public key decrypts the digital signature → message digest  Mia: hash function on the decrypted message → her own message digest, compared with Gabriel’s

15 Cryptography  Gabriel wants to send a secret message to Mia  Two problems:  How does Gabriel ensure that no one but Mia can read his message?  How does Mia know the message came from Gabriel?

16 Cryptography  Hash function converts Gabriel’s message to a “message digest”  A unique digital fingerprint of the original message  Message digest encrypted using Gabriel’s private key  Produces a unique digital signature that only Gabriel could have created

17 Cryptography  Gabriel generates a new random key (a symmetric session key, used for this one message)  Using this key he encrypts both his original message and his digital signature  The random key is the only key that can decrypt the message  At this point only Gabriel has a copy of this key

18 Cryptography  Gabriel encrypts the random key using Mia’s public key  This is called a digital envelope  Only Mia can decrypt this value using her private key  Gabriel sends message to Mia  Encrypted message  Encrypted digital signature  Encrypted digital envelope

19 Cryptography  Mia receives the message and tests  Its content  Its authenticity  Mia decrypts the digital envelope using her private key  This gives her the random key Gabriel used to encrypt the message and his digital signature

20 Cryptography  Using the now decrypted random key, Mia decrypts the message  However:  Was it altered enroute?  Is this message really from Gabriel?  Using the random key and Gabriel’s public key, Mia decrypts the digital signature  The message digest is now revealed

21 Cryptography  The message digest enables Mia to tell if the information she received matches the information Gabriel sent  Mia runs the decrypted message through the same hash function that Gabriel used  This produces a new message digest

22 Cryptography  Mia compares  The message digest she generated with  The message digest she decrypted from Gabriel’s digital signature  If the two match Mia knows:  The message she received was from Gabriel (more precisely, from whoever holds Gabriel’s private key)  It was not altered in transit to her  If they differ she must treat the message as forged or corrupted and discard it

23 Digital Certificates  Method of using encryption to verify the identity of an individual (or a server)  Each user gets a unique certificate  Issued by a certificate authority (CA)  CAs typically charge for the certificate  Attached to email or presented to a Web site  Verifies their identity

24 Digital Certificates  How do you get a digital certificate?  Visit a site that offers them: VeriSign  Provide personally identifying information  Name  Address  Your software generates a key pair: the private key stays on your PC, the public key is sent to the CA  Certificate downloaded to your PC  Contains your public key (never your private key) and is stored alongside the private key your software generated

25 Digital Certificates  Certificate contains  Your name  Name of the certificate authority (CA)  Digital signature of the CA over all of the fields  Serial number of your certificate  Expiration date of your certificate  Your public key  The public key itself is not secret or encrypted; it is the CA’s signature that binds it to your name, so anyone who trusts the CA can trust that the key is yours

26 Digital Certificates  How do you use it?  Attach certificate to your email  Your mail client signs the message with your private key and attaches the certificate  Recipient gets  Email message  Your certificate (your public key plus the CA’s signature over it)  Used to verify that the message actually came from you: the recipient checks the CA’s signature on the certificate, then uses the public key inside it to verify the signature on the message

27 Secure Socket Layer

28 Secure Socket Layer  Used to encrypt communications between two computers (the current versions are called TLS)  The browser padlock tells you the connection is encrypted and that the site’s certificate chains to a CA your browser trusts; it does not tell you the site itself is honest (padlock image omitted)

29 Secure Socket Layer  Computers use a combination of public-key and symmetric-key encryption  Works like this:  Computer A generates a symmetric session key and sends it to computer B encrypted with B’s public key (taken from B’s certificate)  Computer B decrypts it using its private key  Now both computers have the same key  Communicate securely using the fast symmetric cipher  Discard key at end of session  Note: this is the RSA key-transport handshake of older SSL/TLS; TLS 1.3 instead derives the session key with ephemeral Diffie-Hellman, so a later theft of B’s private key does not expose recorded sessions
