Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall.

Published byGregory Butler Modified over 9 years ago

Similar presentations

Presentation on theme: "1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall."— Presentation transcript:

1 1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall

2 2 Figure 7-1: Cryptographic System Confidentiality Authentication Message Integrity Anti-Replay Protection Client PC with Cryptographic System Software Server with Cryptographic System Software Secure Communication Provided Automatically

3 3 Figure 7-2: Plaintext, Encryption, Ciphertext, and Decryption Network Plaintext “Hello” Encryption Method & Key Ciphertext “11011101” Encryption Key Ciphertext “11011101” Plaintext “Hello” Decryption Method & Key Decryption Key Interceptor Party A Party B Note: Interceptor Cannot Read Ciphertext Without the Decryption Key

4 4 Figure 7-3: Key Length and Number of Possible Keys 1 Key Length in Bits 2 4 8 16 256 65,536 16 4 2 Number of Possible Keys 401,099,511,627,776 5672,057,594,037,927,900 1125,192,296,858,534,830,000,000,000,000,000,000

5 5 Figure 7-3: Key Length and Number of Possible Keys Key Length in Bits 112 168 256 512 1.15792E+77 1.3408E+154 3.74144E+50 5.1923E+33 Number of Possible Keys

6 6 Figure 7-3: Key Length and Number of Possible Keys Notes: Shaded keys, with lengths of more than 100 bits, are considered strong symmetric keys today. Unshaded keys, with lengths of less than 100 bits, are considered weak symmetric keys today. Public key/private key pairs must be much longer to be strong because of the disastrous consequences of learning someone’s private key and because private keys cannot be changed rapidly.

7 7 Figure 7-4: Symmetric Key Encryption for Confidentiality Network Plaintext “Hello” Encryption Method & Key Ciphertext “11011101” Symmetric Key Ciphertext “11011101” Plaintext “Hello” Decryption Method & Key Same Symmetric Key Interceptor Party A Party B Note: A single key is used to encrypt and decrypt in both directions.

8 8 Figure 7-5: Data Encryption Standard (DES) DES Encryption Process 64-Bit Ciphertext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) 64-Bit Plaintext Block

9 9 Figure 7-6: DES-CBC (DES-Cipher Block Chaining) First 64-Bit Plaintext Block DES Encryption Process Second 64-Bit Plaintext Block First 64-Bit Ciphertext Block Initialization Vector (IV) DES Encryption Process Second 64-Bit Ciphertext Block DES Key

10 10 Figure 7-7: Triple DES (3DES) SenderReceiver Encrypts plaintext with the 1 st key Decrypts ciphertext with the 3d key Decrypts output of first step with the 2 nd key Encrypts output of the first step with the 2 nd key Encrypts output of second step with the 3d key; gives the ciphertext to be sent Decrypts output of second step with the 1 st key; gives the original plaintext 168-Bit Encryption with Three 56-Bit Keys

11 11 Figure 7-7: Triple DES (3DES) SenderReceiver Encrypts plaintext with the 1 st key Decrypts ciphertext with the 1 st key Decrypts output with the 2 nd key Encrypts output with the 2 nd key Encrypts output with the 1 st key Decrypts output with the 1 st key 112-Bit Encryption With Two 56-Bit Keys

12 12 Figure 7-7: Triple DES (3DES) SenderReceiver Encrypts plaintext with the key Decrypts ciphertext with the key Encrypts output with the key (undoes first step) Encrypts output with the key 56-Bit Encryption With One 56-Bit Key (For Compatibility With Receivers Who Can Handle Only Normal DES)

13 13 Figure 7-8: DES, 3DES, and AES DES 56 Weak Moderate 3DES 112 or 168 Strong High AES 128, 192, 256 Strong Modest Key Length (bits) Strength Processing Requirements RAM Requirements

14 14 Symmetric Key Encryption RC4  Only 40-bit encryption  Very weak  Used in wired equivalent privacy security for 802.11 initially New

15 15 Figure 7-9: Public Key Encryption for Confidentiality Party A Party B Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Encrypt with Party B’s Public Key Decrypt with Party B’s Private Key Encrypted Message Encrypted Message

16 16 Figure 7-10: Strong Keys for Symmetric and Public Key Encryption Strong Symmetric KeysStrong Public and Private Keys Limited damage if cracked, so can be shorter Changed frequently, so can be shorter Serious damage if cracked, so must be longer Rarely changed, so must be longer

17 17 Figure 7-10: Strong Keys for Symmetric and Public Key Encryption Strong Symmetric KeysStrong Public and Private Keys 100 bits or more today Longer for high-value transactions Longer tomorrow as cracking power increases DES: 56-bits (weak), but 3DES gives 112-bit or 168-bit security AES: Key lengths of 128, 192, or 256; yet places a light load on processor and RAM so can be used by mobile devices IDEA: 128 bits 1,024 or 2,048 bits for RSA encryption today 512 bits for ECC encryption today Longer tomorrow as cracking power increases

18 18 Figure 7-11: MS-CHAP Challenge- Response Authentication Protocol 2. Verifier sends Challenge Message Challenge Applicant (Client) Verifier (Server) 1. Verifier creates Challenge Message Note: Both the client and the server know the client’s password.

19 19 Figure 7-11: MS-CHAP Challenge- Response Authentication Protocol 3. Applicant (Supplicant) creates a Response Message: (a)Adds password to Challenge Message (b) Hashes the resultant bit string (does not encrypt) (c) The hash is the Response Message ChallengePassword Response Hashing (Not Encryption)

20 20 Figure 7-11: MS-CHAP Challenge- Response Authentication Protocol 4. Applicant sends Response Message without encryption Transmitted Response

21 21 Figure 7-11: MS-CHAP Challenge- Response Authentication Protocol ChallengePassword Expected Response Hashing 5. Verifier adds password to the Challenge Message it sent. Hashes the combination. This is the expected Response Message.

22 22 Figure 7-11: MS-CHAP Challenge- Response Authentication Protocol Expected ResponseTransmitted Response =? 6. If the two Response Messages are equal, the applicant knows the password and is authenticated. Sever logs Client in. 7. Note that only hashing is involved. There is no encryption.

23 23 Hashing Hashing is a one-way function. It cannot be reversed  From the hash, you cannot compute the original message Hashing is repeatable  If two parties apply the same hashing method to the same bit string, they will get the same hash

24 24 Figure 7-12: Encryption Versus Hashing Encryption Uses a key as an input to an encryption method Output is similar in length to input Reversible; ciphertext can be decrypted back to plaintext Use of Key Length of Result Reversibility Hashing Key is usually added to text; the two are combined, and the combination is hashed Output is of a fixed short length, regardless of input One-way function; hash cannot be “de-hashed” back to the original string

25 25 Figure 7-13: Digital Signature for Message-by-Message Authentication To Create the Digital Signature: 1. Hash the plaintext to create a brief message digest; this is NOT the Digital Signature. 2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature. 3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption. Plaintext MD DS Plaintext Hash Sign (Encrypt) with Sender’s Private Key

26 26 Figure 7-13: Digital Signature for Message-by-Message Authentication 4. Encrypted with Session Key DSPlaintext Sender Receiver

27 27 Figure 7-13: Digital Signature for Message-by-Message Authentication To Test the Digital Signature 5. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest. 6. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 7. If the two match, the message is authenticated. Received Plaintext MD DS MD 5.6. Hash Decrypt with True Party’s Public Key 7. Are they equal?

28 28 Figure 7-14: Public Key Deception Impostor “I am the True Person.” “Here is TP’s public key.” (Sends Impostor’s public key) “Here is authentication based on TP’s private key.” (Really Impostor’s private key) Decryption of message from Verifier encrypted with Imposter’s public key, so Impostor can decrypt it Verifier Must authenticate True Person. Believes now has TP’s public key Believes True Person is authenticated based on Impostor’s public key “True Person, here is a message encrypted with your public key.” Critical Deception

29 29 Figure 7-15: Important X.509 Digital Certificate Fields FieldDescription Version Number Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard. IssuerName of the Certificate Authority (CA). Serial Number Unique serial number for the certificate, set by the CA.

30 30 Figure 7-15: Important X.509 Digital Certificate Fields FieldDescription SubjectThe name of the person, organization, computer, or program to which the certificate has been issued. This is the true party. Public Key The public key of the subject—the public key of the true party. Public Key Algorithm The algorithm the subject uses to sign messages with digital signatures.

31 31 Figure 7-15: Important X.509 Digital Certificate Fields FieldDescription Valid Period The period before which and after which the certificate should not be used. Note: Certificate may be revoked before the end of this period. Digital Signature The digital signature of the certificate, signed by the CA with the CA’s own private key. Provides authentication and certificate integrity. User must know the CA’s public key independently.

32 32 Figure 7-15: Important X.509 Digital Certificate Fields FieldDescription Signature Algorithm Identifier The digital signature algorithm the CA uses to sign its certificates.

33 33 Figure 7-16: Digital Signature and Digital Certificate in Authentication Digital Certificate Authentication Public Key of True Party Signature to Be Tested with Public Key of True Party Digital Signature

34 34 Figure 7-17: Public Key Infrastructure (PKI) with a Certificate Authority Create & Distribute (1)Private Key and (2) Digital Certificate 4. Certificate for Lee 3. Request Certificate for Lee 5. Certificate for Lee 6. Request Certificate Revocation List (CRL) 7. Copy of CRL Verifier (Brown) Applicant (Lee) Verifier (Cheng) Certificate Authority PKI Server

35 35 Certificate Authority (CA) CAs are not regulated in any country today  Anyone can be a CA  Even an organized crime syndicate  Some, such as VeriSign, are widely trusted Companies can be their own CAs  Assign keys and certificates to their internal computers  This gets around the need to trust public CAs

36 36 Figure 7-18: Public Key Distribution for Symmetric Session Keys Party A Party B 1. Create Symmetric Session Key

37 37 Figure 7-18: Public Key Distribution for Symmetric Session Keys Party A Party B 2. Encrypt Session Key with Party B’s Public Key 4. Decrypt Session Key with Party B’s Private Key 3. Send the Symmetric Session Key Encrypted for Confidentiality 5. Subsequent Encryption with Symmetric Session Key

38 38 Figure 7-19: Diffie-Hellman Key Agreement Party X Party Y 1. Agree on Diffie-Hellman Group p (prime) and g (generator) 2. Generates Random Number x 2. Generates Random Number y

39 39 Figure 7-19: Diffie-Hellman Key Agreement Party X Party Y 3. Computes x’=g^x mod p 3. Computes y’=g^y mod p 4. Exchange x’ and y’ Without Security

40 40 Figure 7-19: Diffie-Hellman Key Agreement Party X Party Y 5. Compute Key= y’^x mod p =g^(xy) mod p 5. Compute Key= x’^y mod p =g^(xy) mod p 6. Subsequent Encryption with Symmetric Session Key

41 41 Figure 7-20: Replay Attacks Replay Attacks  Retransmit an intercepted message  Message is encrypted so that replay attacker cannot read it Why Replay Attacks  Repetition might work—for instance, replaying an encrypted username and password might result in access to a poorly designed system

42 42 Figure 7-20: Replay Attacks Preventing Replay Attacks  Insert a time stamp in messages and accept messages only if they are very recent  Insert a sequence number in each message  Insert a nonce (random number selected for the occasion) in a request message; only accept a reply message with the same nonce. Other party does not accept a request message with a previous nonce

43 43 Figure 7-21: Quantum Computing and Steganography Quantum Computing  Quantum Bits (Q-Bits) In ordinary computers, each bit is either a zero or a one at any time In quantum computers, each quantum bit (q-bit) can be both a zero and a one at any moment When decohered, the q-bit becomes a classic one or zero randomly

44 44 Figure 7-21: Quantum Computing and Steganography Quantum Computing  Quantum Key Distribution (QKD) Two particles representing q-bits can be entangled so that both will be up or down when read The two entangled particles are sent to the two communicating parties Both will always read the bit the same way—as a one or a zero

45 45 Figure 7-21: Quantum Computing and Steganography Quantum Computing  Quantum Key Distribution (QKD) They will both read the stream of decohered q- bits as a key Easy to detect interception of q-bits en route by an eavesdropper QKD is becoming commercially viable

46 46 Figure 7-21: Quantum Computing and Steganography Quantum Computing  Quantum Key Cracking For determining private keys from public keys An array of N q-bits can represent all possible keys of length N Operations can be performed on all possible keys simultaneously Results are put in a results register Decoherence gives one result randomly from all possible results

47 47 Figure 7-21: Quantum Computing and Steganography Quantum Computing  Quantum Key Cracking This single result can be used to compute the private key Not instantaneous, but much faster than exhaustive key search

48 48 Figure 7-21: Quantum Computing and Steganography Quantum Computing  Quantum Key Cracking Not practical today  We can only build quantum computers with a few q-bits  Quantum computers with 1000 or more q-bits are some time off

49 49 Figure 7-21: Quantum Computing and Steganography Steganography  Steganography means hidden writing  Hiding a message in an image Every image is made of pixels There often is about one byte per pixel for each color: red, green, and blue One bit in each byte is the least significant— changing it will alter the color by only 1/256 The process steals the least significant bit from each byte

50 50 Figure 7-21: Quantum Computing and Steganography Steganography  Hiding a message in an image The message is written into these bits The message may be encrypted before writing it into the bits The picture will look unchanged

51 51 Figure 7-21: Quantum Computing and Steganography Steganography  Digital Watermarking  Using steganography to hide identifying information in a document  To prove copyright ownership  To identify different copies of a document

52 52 Figure 7-22: Cryptographic Goals and Methods ConfidentialityAuthentication Applicable. Sender encrypts with key shared with the receiver. Not applicable.Symmetric Key Encryption Applicable. Sender encrypts with receiver’s public key. Applicable. Sender encrypts with own private key. Public Key Encryption Not applicable. Applicable. Used in MS-CHAP and HMACs discussed in the next chapter. Hashing Recap: Not in Book

53 53 Topics Covered Cryptographic Systems  Provide protections to dialog automatically  Secure communication involves Confidentiality Authentication Message integrity Anti-replay protection

54 54 Topics Covered Encryption Concepts  Plaintext  Encryption with encryption method and key  Ciphertext, which is is transmitted  Decryption with decryption method and decryption key  Plaintext

55 55 Topics Covered Key  Random bit string of a particular length  Cryptanalysts try to crack keys  Exhaustive search is thwarted by having long keys  Symmetric key encryption uses a single key for both encryption and decryption in both directions  Public key encryption uses four different keys for encrytpion and decryption in both directions

56 56 Topics Covered Symmetric Key Encryption Methods  DES (56-bit block encryption method) Weak: 100 bits needed for strong symmetric key encryption  DES-Cipher Block Chaining Encryption input has three parts  Plaintext block  Key  Previous ciphertext block or initialization vector 3DES  Apply DES three times with 1, 2, or 3 keys  With 3 keys, 168-bit encryption

57 57 Topics Covered Symmetric Key Encryption Methods  DES and its variants has dominated in the past  Advanced Encryption Standard (AES) New, becoming dominant rapidly Key Length  128 bits  192 bits  256 bits Low processing and memory requirements  Can even be done on hand-held devices

58 58 Topics Covered Public Key Encryption  Each party has a secret private key and a public key  Sender uses the receiver’s public key to encrypt for confidentiality  Receiver uses the receiver’s private key to decrypt messages  Never say “the public key” or “the private key”— always refer to a specific party’s public or private key

59 59 Topics Covered Public Key Encryption Methods  RSA Dominates public key encryption today 1,024 or 2,048 bits to be strong today  Elliptic curve cryptosystem (ECC) 512 bits to be strong today (more efficient than RSA)  In contrast, symmetric key methodologies only need key lengths of 100 bits to be strong today

60 60 Topics Covered MS-CHAP  Used in initial authentication  Shared secret is the user’s password  Applicant’s computer adds password to a challenge message and hashes the combined bit string  Applicant’s computer sends the hash as the response message  Problem is that process is only as secure as the strength of the user’s password

61 61 Topics Covered Hashing  Often used in authentication  Hashing is NOT encryption  Hashing produces a result (hash) that is always the same small length regardless of the input  Hashing is repeatable: given the same bit string, will always give the same hash No key  Hashing is irreversible

62 62 Topics Covered Digital Signatures  Used in message-by-message authentication  Applicant hashes plaintext message to produce a short message digest  Applicant signs message digest (encrypts it with the Applicant’s private key) to produce the digital signature  Verifier uses the true party’s public key to test the digital signature

63 63 Topics Covered Digital Certificates  Verifier uses the true party’s public key to test the digital signature—not the sender’s public key  Where does the verifier get the true party’s public key?  Digital certificates give the true party’s name and public key  Note that both a digital signature and a digital certificate (to test the digital signature) are needed in authentication. Neither alone is enough.

64 64 Topics Covered Public Key Infrastructure  Digital certificates Do not vouch for the goodness of the true party—only the true party’s public key Follow the X.509 standard  PKI Server Distributes private keys securely Distributes public keys in digital certificates Provides certification revocation list (CRL) to ensure that digital certificate is still valid

65 65 Topics Covered Certificate Authorities (CA)  Manage the PKI  If the CA is set up by an attacker, cannot trust its digital certificates  Not regulated

66 66 Topics Covered ConfidentialityAuthentication Applicable. Sender encrypts with key shared with the receiver. Not applicable.Symmetric Key Encryption Applicable. Sender encrypts with receiver’s public key. Applicable. Sender encrypts with own private key. Public Key Encryption Not applicable. Applicable. Used in MS-CHAP and HMACs discussed in the next chapter. Hashing Recap: Not in Book

67 67 Topics Covered Key Distribution  Symmetric keys must be distributed securely between the two parties  Session keys are only used during a single communication session to prevent cryptanalysts from getting enough traffic to crack the key

68 68 Topics Covered Public Key Distribution  One party randomly generates a symmetric session key  Encrypts the key with the other party’s public key  Both have the symmetric session key, use it Diffie-Hellman Key Agreement  Mathematical way to exchange information to allow the two parties to compute the same symmetric session key

69 69 Topics Covered Replay Attacks  Attacker resends message  May be effective even if the attacker cannot decrypt the message  To thwart replay attacks, use Time stamps Sequence numbers Different nonces for each command/response cycle

Download ppt "1 The Elements of Cryptography Chapter 7 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga.

Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.

Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
ELC 200 Day 24. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Day 24 Agenda Student Evaluations Should be progressing on Framework –Scheduling.

ELC 200 Day 24. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Day 24 Agenda Student Evaluations Should be progressing on Framework –Scheduling.

Similar presentations

Ads by Google