Your SlideShare is downloading. ×
0
Cryptography 101
By Aman Hardikar
Contents / Topics
INTRODUCTION
SYMMETRIC CRYPTOGRAPHY
Block Ciphers
 Introduction
 Terms
 Modes
Stream Ciphers
 Intr...
Introduction
Cryptography
Securing information in a form only readable by end parties
Cryptography Primitives (building bl...
Types
Symmetric Cryptography
One key for both encryption and decryption
Asymmetric Cryptography (Public Key Cryptography)
...
Symmetric Cryptography
Advantages
Small Key Size
• Size ∞ Computational Power
Disadvantages
Key Management and transfer/sh...
Symmetric Crypto - Types
Block Ciphers
Divides the text into blocks and acts on each of them
Stream Ciphers
Acts on each b...
Block Cipher Terms
Key Size
Effective Key Size
Block Size
Initialization Vector (IV)
Work Factor
Block Cipher Examples
Lucifer (64 bits), DES/DEA (56 bits), DESX (184 bits)
3DES / TDES / TripleDES (168 bits)
 EEE, EDE,...
Block Cipher Modes
ECB (Electronic Code Book)
CBC (Cipher Block Chaining)
 CBC$
 CBCC
PCBC (Propagating CBC)
CFB (Cipher...
Block Cipher Modes (2)
CMAC (Cipher based MAC)
Integrity + Authentication
CCM (Counter with CBC-MAC)
Integrity + Authentic...
Block Cipher Modes (3)
Properties:
 Provide Confidentiality
 Fast Data Storage and Retrieval
 Efficient Use of Disk Spa...
Stream Ciphers
Uses key streams
Acts on bits of text
Most Hardware Implementations use these
Less complex than block ciphe...
Stream Cipher Types
Synchronous
These generate random sequence of bits independent of the plain text
and cipher text.
Ex: ...
Asymmetric Cryptography
Advantages
Key Management
Disadvantages
Large Key Size
• Size ∞ Computational Power
Provides
Confi...
Asymmetric Crypto Terms
Trapdoor Functions
 Mathematical functions that are easy to apply in one direction,
but extremely...
Asymmetric Ciphers
DH (DHM)
Based on discrete logarithms
No Authentication
• Digital Signature Required
RSA
Based on facto...
Elliptical Curve Cryptography
Mathematical equations that use Elliptical Curves
Advantages:
 Small Key Size (Size ∞ Compu...
Hash Functions
Provides condensed representation of a given text or message
(Message Digest)
Provides
Integrity, Origin Au...
Merkle Damgard Technique
A method to build collision resistant hash functions
Used by common hash functions like MD5, SHA1...
Block Ciphers - MAC
Block Ciphers can also be used as hash functions
MDC-2 – 128 bits
Whirlpool – 512 bits
Used in Message...
Hash Functions - MAC
Hash Algorithms can also be used to produce MAC
Two Types
MDx-MAC Scheme
 Uses modified hash functio...
Digital Signatures
Equivalent to physical signature
Provides
Integrity, Origin Authentication and Non-Repudiation
Digital Signatures (2)
Software Components
 Cryptographic Hash Function
 Key Generation Algorithm
 Signing Algorithm
 ...
Digital Envelope
Provides
Confidentiality in addition to Integrity, Origin Authentication and Non-
Repudiation
Two possibl...
Further Presentations ….
PKI 101 PKI 201 Crypto Attacks 101
Basics of PKI
infrastructure
and
Key
Management.
Advanced PKI ...
Cryptography101
Cryptography101
Upcoming SlideShare
Loading in...5
×

Cryptography101

1,315

Published on

Published in: Technology, Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,315
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
81
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Cryptography101"

  1. 1. Cryptography 101 By Aman Hardikar
  2. 2. Contents / Topics INTRODUCTION SYMMETRIC CRYPTOGRAPHY Block Ciphers  Introduction  Terms  Modes Stream Ciphers  Introduction  Types ASYMMETRIC CRYPTOGRAPHY Introduction Terms Ciphers HASH FUNCTIONS Introduction Merkle Damgard Technique MAC DIGITAL SIGNATURE DIGITAL ENVELOPE Skill Level: Beginner - Intermediate
  3. 3. Introduction Cryptography Securing information in a form only readable by end parties Cryptography Primitives (building blocks of cryptographic protocols) Encryption • Involves the conversion of plain text to cipher text Decryption • Involves the conversion of cipher text to plain text Signature Generation • Involves producing a special string that can be tied to a user Signature Verification • Involves verifying who the user is from the message Key Negotiation and Exchange • Involves negotiation and exchange of keys between the various parties involved Steganography Hiding information in other files Ex: pictures, audio, video, executable files
  4. 4. Types Symmetric Cryptography One key for both encryption and decryption Asymmetric Cryptography (Public Key Cryptography) Two keys : One for encryption, other for decryption
  5. 5. Symmetric Cryptography Advantages Small Key Size • Size ∞ Computational Power Disadvantages Key Management and transfer/sharing • Number of keys required = n(n-1)/2, where n is the number of parties involved. • If there are 5 parties, then number of keys = 10 • If there are 10 parties, then number of keys = 45 • If there are 100 parties, then number of keys = 4950 Provides Confidentiality, Integrity, Origin Authentication [based on the Mode used]
  6. 6. Symmetric Crypto - Types Block Ciphers Divides the text into blocks and acts on each of them Stream Ciphers Acts on each bit of the text
  7. 7. Block Cipher Terms Key Size Effective Key Size Block Size Initialization Vector (IV) Work Factor
  8. 8. Block Cipher Examples Lucifer (64 bits), DES/DEA (56 bits), DESX (184 bits) 3DES / TDES / TripleDES (168 bits)  EEE, EDE, …. AES/Rijndael (Variable Size) IDEA Serpent, Blowfish, RC6
  9. 9. Block Cipher Modes ECB (Electronic Code Book) CBC (Cipher Block Chaining)  CBC$  CBCC PCBC (Propagating CBC) CFB (Cipher FeedBack) OFB (Output FeedBack) CTR (CounTeR)  CTR$  CTRC Above modes provide confidentiality only.
  10. 10. Block Cipher Modes (2) CMAC (Cipher based MAC) Integrity + Authentication CCM (Counter with CBC-MAC) Integrity + Authentication GCM (Galois/Counter Mode) Integrity + Authentication Above modes also provide other security services in addition to confidentiality.
  11. 11. Block Cipher Modes (3) Properties:  Provide Confidentiality  Fast Data Storage and Retrieval  Efficient Use of Disk Space CBC (Cipher Block Chaining) LRW (Liskov, Rivest and Wagner) XEX (Xor Encrypt Xor) XTS (XEX-based Tweaked Codebook Mode) CMC (CBC Mask CBC) EME (ECB Mask ECB) Above modes primarily used in Full Disk Encryption.
  12. 12. Stream Ciphers Uses key streams Acts on bits of text Most Hardware Implementations use these Less complex than block ciphers NOTE: Block Ciphers can also be used as Stream Ciphers.
  13. 13. Stream Cipher Types Synchronous These generate random sequence of bits independent of the plain text and cipher text. Ex: RC4, HC-128 Asynchronous These generate key streams based on a set of former cipher text bits. Ex: CTAK, CFB Mode Block Ciphers
  14. 14. Asymmetric Cryptography Advantages Key Management Disadvantages Large Key Size • Size ∞ Computational Power Provides Confidentiality, Integrity, Authentication, Non-Repudiation
  15. 15. Asymmetric Crypto Terms Trapdoor Functions  Mathematical functions that are easy to apply in one direction, but extremely difficult in the reverse.
  16. 16. Asymmetric Ciphers DH (DHM) Based on discrete logarithms No Authentication • Digital Signature Required RSA Based on factorisation of large numbers Example Key Sizes: 512bits, 1024bits, 2048bits Other Ciphers/Algorithms El Gamal – Based on DH Cramer-Shoup – Based on El Gamal Knapsack
  17. 17. Elliptical Curve Cryptography Mathematical equations that use Elliptical Curves Advantages:  Small Key Size (Size ∞ Computational Power)  256 bit ECC key ≈ 3072 bit RSA/DH key; 384 bit ECC key ≈ 7680 bit RSA/DH key Algorithms  Digital Signatures  ECDSA: Elliptic Curve Digital Signature Algorithm  ECPVS: Elliptic Curve Pintsov Vanstone Signatures  ECNR: Elliptic Curve Nyberg Rueppel  Key Agreement  ECMQV: Elliptic Curve Menezes-Qu-Vanstone  ECDH: Elliptic Curve Diffie-Hellman  Encryption  ECIES: Elliptic Curve Integrated Encryption Standard
  18. 18. Hash Functions Provides condensed representation of a given text or message (Message Digest) Provides Integrity, Origin Authentication Collision Situation when two different texts have the same hash Examples MD5 – 128bits – Insecure – Collisions Possible SHA1 – 160 bits – 263 Hash Operations for identifying a collision instead of 280 operations RIPEMD-160 – 160 bits – Secure (no collisions identified yet) SHA256 – 256 bits – Secure
  19. 19. Merkle Damgard Technique A method to build collision resistant hash functions Used by common hash functions like MD5, SHA1 and SHA256
  20. 20. Block Ciphers - MAC Block Ciphers can also be used as hash functions MDC-2 – 128 bits Whirlpool – 512 bits Used in Message Authentication Code (MAC) Adds a secret key to message during input • Provides Origin Authentication Provides Integrity Popular Implementation: CBC-MAC
  21. 21. Hash Functions - MAC Hash Algorithms can also be used to produce MAC Two Types MDx-MAC Scheme  Uses modified hash functions  SHA1, RIPEMD-160 can be used HMAC  Unmodified hash functions  Secret key added to message  Used in IPSec, NAS, Mobiles  Ref: RFC2104, FIPS PUB 180, ISO 9797-2
  22. 22. Digital Signatures Equivalent to physical signature Provides Integrity, Origin Authentication and Non-Repudiation
  23. 23. Digital Signatures (2) Software Components  Cryptographic Hash Function  Key Generation Algorithm  Signing Algorithm  Verification Algorithm Implemented using Public Cryptosystems: ECC, DSA, RSA, El Gamal DSA – Digital Signature Algorithm Used in Digital Signature Standard Ref: FIPS PUB 186, ISO 9696 and ISO 14888
  24. 24. Digital Envelope Provides Confidentiality in addition to Integrity, Origin Authentication and Non- Repudiation Two possible ways:  Encrypt the message and the digital signature with the recipient's public key  Encrypt the message with a secret key, then encrypt the secret key and the digital signature with recipient’s public key
  25. 25. Further Presentations …. PKI 101 PKI 201 Crypto Attacks 101 Basics of PKI infrastructure and Key Management. Advanced PKI stuff, which includes various PKI models, CRL types and auditing PKI infrastructure. Discussion on various attacks.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×