Upcoming SlideShare
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Standard text messaging rates apply

# Quan nguyen symmetric versus asymmetric cryptography

631

Published on

Quan nguyen symmetric versus asymmetric cryptography

Quan nguyen symmetric versus asymmetric cryptography

Published in: Technology, Education
0 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

• Be the first to like this

Views
Total Views
631
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
17
0
Likes
0
Embeds 0
No embeds

No notes for slide

### Transcript

• 1. Symmetric versus Asymmetric Cryptography
• 2. Why is it worth presenting cryptography? • Top concern in security • Fundamental knowledge in computer security A review for those who have taken the course Computer Security (and Integrity) A need for those who have not
• 3. Two kinds of Cryptography Symmetric 1) 2) 3) 4) 5) Alice and Bob agree on a cryptosystem Alice and Bob agree on a key Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message Alice sends the ciphertext message to Bob Bob decrypts the ciphertext message with the same algorithm and key and reads it Asymmetric 1) 2) 3) 4) Alice and Bob agree on a public-key cryptosystem Bob sends Alice his public key Alice encrypts her message using Bob’s public key and sends it to Bob Bob decrypts Alice’s message using his private key
• 4. Problems Symmetric • Keys must be distributed in secret • If a key is compromised, Eve (eavesdropper) can  decrypt any message  pretend to be one of the parties • A network requires a great number of keys Asymmetric • slow (~1000 times slower than the symmetric) • vulnerable to chosenplaintext attacks
• 5. Public-key algorithms • are not a substitute for symmetric algorithms • are not used to encrypt messages, they are used to encrypt keys (session keys used with symmetric algorithms to secure message traffic)
• 6. Hybrid Cryptosystems 1) Bob sends Alice his public key. 2) Alice generates a random session key, K, encrypts it using Bob’s public key, and sends it to Bob. EB(K) 3) Bob decrypts Alice’s message using his private key to recover the session key. DB(EB(K)) = K 4) Both of them encrypt their communications using the same session key.
• 7. Signing Documents 1) 2) 3) 4) 5) Symmetric Alice encrypts her message to Bob with KA and sends it to Trent Trent decrypts the message with KA Trent takes the decrypted message and a statement that he has received this message from Alice, and encrypts the whole bundle with KB Trent sends the encrypted bundle to Bob Bob decrypts the bundle with KB. He can now read both the message and Trent’s certification that Alice sent it 1) 2) 3) Asymmetric Alice encrypts the document with her private key, thereby signing the document Alice sends the signed document to Bob Bob decrypts the document with Alice’s public key, thereby verifying the signature
• 8. Digital Signatures with Encryption 1) Alice signs the message with her private key SA(M) 2) Alice encrypts the signed message with Bob’s public key and sends it to Bob EB(SA(M)) 3) Bob decrypts the message with his private key DB(EB(SA(M))) = SA(M) 4) Bob verifies with Alice’s public key and recovers the message VA(SA(M)) = M
• 9. Problem with resending the message as a Receipt • Bob signs the message with his private key, encrypts it with Alice’s public key, and sends it back to Alice EA(SB(M)) • If Mallory captures the message that Alice sent to Bob and claims that it came from him VM(SA(M)) = ? • Bob still sends Mallory a receipt: EM(SB(VM(SA(M)))) = EM(DB(EM(DA(M))))  Mallory can read the message M by using his private key and public keys of Alice and Bob.
• 10. Attacks against Public-key Cryptography • How Alice gets Bob’s public key? from secure database • How to protect the public key? database is read-only to everyone, only writable to Trent Trent can sign each public key by his own private key (Key Certification Authority or Key Distribution Center)
• 11. Conclusion • No perfect method each has its own weaknesses be aware of being attacked • Good to combine different methods
• 12. Reference [1] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. Introduction to Algorithms. MIT Press and McGraw-Hill, 2001. ISBN 0-262-03293-7. Section 31.7: The RSA public-key cryptosystem, pp.881–887 [2] Bruce Schneier. Applied Cryptography. John Wiley & Sons, Inc. 1996. (ISBN: 0471128457)