Presentation is loading. Please wait.

Presentation is loading. Please wait.

BCIS 4630 Fundamentals of IT Security

Published byVirgil Pierce Harris Modified over 8 years ago

Similar presentations

Presentation on theme: "BCIS 4630 Fundamentals of IT Security"— Presentation transcript:

1 BCIS 4630 Fundamentals of IT Security
CRYPTOGRAPHY Dr. Andy Wu

2 Overview Key crypto concepts Symmetric encryption
Key terms XOR Symmetric encryption Asymmetric encryption Hashes

3 Cryptography Cryptography primarily protects confidentiality, integrity, authentication, and non-repudiation. All the current encryption schemes are based upon an algorithm, a recursive computational procedure for solving a problem in finite steps. Modern cryptography manipulates data in binary form. ASCII provides a standard way to map characters to numbers.

4 Key Terms (No Pun Intended)
Plaintext The data that you want to keep secret. It is a human-readable text file or a computer-recognizable binary file. Ciphertext Once the plaintext is encrypted, it becomes ciphertext. No longer human-readable or computer-recognizable. Algorithm Predefined procedures regarding how the plaintext will be scrambled. Key Needed to scramble the plaintext.

5 Caesar’s Cipher A is now D; B is E; C is F; etc.
Shift the alphabet by three positions (key) Plaintext: BCIS Ciphertext: EFLV To decrypt, shift back three positions (key)

6 Ensuring Security Putting the algorithm under public review actually improves the strength of the algorithm. A common attack on cryptography is the brute-force attack. It tries every possible key until the correct one is found. Advances in technology and computer performance have made brute-force attacks increasingly practical. Any predictability in key space makes the attacker’s job easier.

7 The Key The strength of a cryptosystem lies in the secrecy and length (size) of the keys that are used, rather than keeping the algorithm itself a secret. Key size is usually expressed in bits. A longer key increases the number of possible keys. The keyspace comprises all possible key values.

8 Exclusive OR (XOR) A useful bit manipulation technique in cryptography. The symbol for XOR is . The XOR product is 0, if the two bits are the same. 1, if the two bits are different. Encryption takes advantage of an important property of XOR: If A  B = A’, then A’  B = A XOR 1

9 XOR Example  = =

10 Symmetric Encryption The same key is used to:
Encrypt the plaintext into ciphertext. Decrypt the ciphertext into plaintext.

11 Symmetric Encryption Is Like A …
… dead bolt lock. The same key is used to lock (encrypt) the door (data) and to unlock (decrypt) the door (data).

12 DES DES cuts up the plaintext into 64-bit blocks. It uses 56-bit keys.
It then “scrambles” the plaintext (via “substitution” and then “permutation”) with the key repeatedly. Each repetition is called a “round”. DES performs 16 rounds on the plaintext. This is carried on until the entire message has been encrypted with DES.

13 A DES Round Source: William Stallings, Cryptography and Network Security.

14 3DES 3DES is a lot more than three times stronger than DES.
Some times Key A = Key C. A brute force attack would have to try 2112  5.19  1033 possible key values. Suppose the processing speed is 1012 keys/second, 5.19  1012 keys/sec. = 5.19  1021 sec. = 1.65  1014 year).

15 Other Symmetric Algorithms
AES (Rijndael) Pronounced as “Rain-Doll”, Flemish for “XYZ.” The candidate algorithm that NIST chose over the other four finalist as the replacement for DES. Supports 128-, 192-, and 256-bit keys. RC series RC4 is a stream cipher algorithm for symmetric encryption that normally uses a 128-bit key. RC4 is ten times faster than DES. IDEA CAST Blowfish

16 Problems with Symmetric Crypto
Requires the sender and the receiver to have the same key (a.k.a. shared key encryption). Prior arrangement for key distribution (called “out-of-band” communication) is a must. In practice, people also faced a lot of scenarios in which they need the ability to tell who has encrypted a piece of information. However, if a symmetric key is shared between two or more people, any one can encrypt it. To be able to decrypt it tells nothing about who has encrypted it; only that you also have the key.

17 Symmetric Encryption

18 Asymmetric Encryption
Also known as public key cryptography. Typically are based on difficult math problems, many of which are simple to do in one direction but difficult to do in the opposite direction. Much slower than symmetric algorithms Rely on exponentiation, which is processor-intensive; Keys generally are larger (1024- or 2048-bit) Software implementation of RSA can be hundreds times slower than DES. Thus, asymmetric algorithms typically are used only for encryption of small amounts of information, e.g., the shared key for symmetric encryption. Slow ≠ Weak

19 Keys in Asymmetric Cryptography
Uses two keys instead of one. The two keys are mathematically related through one-way functions. One is publicly available; this “public key” is not protected. The other key is the “private key” and should be kept by the owner only. If the private key is comprised, this key pair is no longer safe to use. Either key can be used to encrypt data. However, once a key is used to generate a ciphertext, it cannot be used to decrypt that same ciphertext. The other key has to be used for decryption.

20 Asymmetric Encryption
If this is used to encrypt … This has to be used to decrypt. Therefore … Public key, which is available to anyone Private key, which supposedly is accessible only to the owner If Alice wants to encrypt a message to Bob, she will go find Bob’s public key. Bob is the only one having the matching private key to decrypt it. (used for confidentiality) which supposedly is accessible only to the owner which is available to anyone If Alice can use Bob’s public key to decrypt an encrypted file, Bob must be the one who encrypted the file. (used for authentication)

21 Asymmetric Encryption - Confidentiality

22 Asymmetric Encryption - Authentication

23 Two Uses of Asymmetric Encryption
For Confidentiality Alice wants to send a secret message to Bob Alice uses Bob’s public key to encrypt message Bob uses Bob’s private key to decrypt message For Authentication Alice needs to let Bob know she is the sender of a message Alice encrypts the message with Alice’s private key Bob decrypts the message with Alice’s public key

24 Asymmetric Cryptography
No key distribution headache If Alice wants to send an encrypted message to Bob, she doesn’t have to share a key with him beforehand. She just encrypts the data with his public key. The ciphertext can only be decrypted by Bob with his private key. Better authentication than symmetric encryption. If a messaged can be decrypted by Alice’s public key, then it must be from Alice as Alice supposedly is the only one who has the matching private key.

25 RSA Name after its creators, Rivest, Shamir, and Adleman.
One of the most popular and secure asymmetric algorithms. It capitalizes on the fact that there is no efficient way to factor very large ( digits) prime numbers. A prime number is a real number that is only divisible by 1 and itself, e.g., 1, 3, 5, 7, 11, … Factoring is the process of determining whether an integer x is a prime number, and if not, which two numbers when multiplied will render the product x. Multiplying two large integers to arrive at an even larger number is easy to do. To do the reverse (factoring) is extremely, if possible at all, difficult.

26 Other Asymmetric Algorithms
Diffie-Hellman Enables two people to share a secret key without prior contacts. It relies on the difficulty in modular logarithms. El Gamal An extension of the Diffie-Hellman key exchange algorithm. It is based on the difficulty of calculating discrete logarithms in a finite field. Elliptic Curve Cryptography (ECC) Its mathematic basis is the study of elliptic curves.

27 Symmetric vs. Asymmetric
Algorithm Manipulation of bits Mathematics Number of Keys One Two Key distribution The key has to be shared “out-of-band” before encryption. No prior arrangement is necessary. Just use the recipient's public key Authentication Cannot pinpoint the sender if key is shared by more than two people. Can trace the message to the owner of the related private key. Use Bulk encryption Key distribution Digital signature Speed Fast Slow

28 Hash Function A hash function is a special mathematical algorithm that performs one-way manipulate on a file. Widely used functions include MD5 and SHA-1. The algorithm takes a message of any length and produces a fixed-length output. The hash is often called message digest.

29 Properties of Hash

30 Property 1: Non-Reversibility
Both symmetric and asymmetric algorithms are reversible. They can be converted from plaintext to ciphertext and back again, if the right key is used. Hash algorithms, however, are not reversible. Once the hash is created, there is no way to take the hash and retrieve the file that was used to generate it. That is, you cannot reconstruct the message from the digest.

31 Property 2: Uniqueness You can’t find two files that produce the same hash. A hash value is always mathematically unique because it is extremely dependent on the contents of the file. If anyone changes the file by so much as one binary digit, the resulting hash value will be different. The hash value can be used as a smaller, easier-to-handle identifier of the file.

32 Collisions A collision occurs when two different inputs are hashed to the same value. Collisions are possible. Both SHA-1 and MD5 have been cracked. Fortunately, it is also unlikely that two documents with the same hash value both make sense. The other file is likely to be a series of random characters that just happens to result in the same hash value. Therefore, the hash of a file can be used as the file’s unique identifier.

33 # of Messages Required to Find Collision
Hash Length Usually, the longer the hash value produced by the hashing algorithm, the less susceptible it is to collisions. SHA-1 and RIPEMD-160 hashes are 160-bit long. MD5 hashes are 128-bit long. Algorithm # of Messages Required to Find Collision MD5 264 ≈ 1.8 x 1019 SHA-1 280 ≈ 1.2 x 1024 RIPEMD-160 Source: Carlton Davis, IPSec, Securing VPNs.

34 Secure Hash Algorithm (SHA)
SHA was developed in 1993 by the NIST for secure hashing in the U.S. Digital Signature Standard (DSS). The revised version is SHA-1. It uses block mode, accepting an input of up to 264 bits and compressing it to 160 bits.

35 MD5 Message Digest 5 is similar to the MD4 algorithm, but it is slightly slower and more secure. MD5 creates a 128-bit hash of a message of any length.

36 Common Uses of Hashes Hash can be used to guard integrity of files.
The sender sends with a message the hash value of the message. The recipient runs the message through the same hash function and obtains her own hash value. If HSender = HRecipient, then the file has not been tampered with. This use is based on the “uniqueness” property.

37 Verifying File Integrity with Hashes

38 Verifying File Integrity with Hashes

Download ppt "BCIS 4630 Fundamentals of IT Security"

Similar presentations

Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Similar presentations

Ads by Google