Ch12 Encryption


Published on

Published in: Technology, Education
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Ch12 Encryption

  1. 1. Lesson 12-Encryption
  2. 2. Overview Understand basic encryption concepts. Understand private key encryption. Understand public key encryption. Understand digital signatures. Understand key management. Understand trust in the system.
  3. 3. Understand Basic Encryption Concepts Encryption is simply the obfuscation of information in such a way so as to allow authorized individuals to see it, but to hide it from unauthorized individuals. Individuals having the appropriate key to decrypt the information are defined as authorized.
  4. 4. Understand Basic Encryption Concepts Security Services with encryption: Confidentiality: Used to hide information from unauthorized individuals, either in transit or in storage. Integrity: Used to identify changes to information either in transit or in storage. Accountability: Used to authenticate the origin of information and prevent the origin of information from repudiating the fact that the information came from that origin.
  5. 5. Understand Basic Encryption Concepts Encryption terms: Plaintex Ciphertex Algorithm Key Encryption
  6. 6. Understand Basic Encryption Concepts Encryption terms (continued): Decryption Cryptography Cryptographer Cryptanalysis Cryptanalyst
  7. 7. Understand Basic Encryption Concepts Encryption systems can be attacked in three ways: Through weaknesses in the algorithm. Through brute force against the key. Through weaknesses in the surrounding system.
  8. 8. Understand Private Key Encryption Private key encryption: Requires all parties who are authorized to read the information to have the same key. Reduces the overall problem of protecting the information to one of protecting the key. Is the most widely used encryption.
  9. 9. Understand Private Key Encryption What is private key encryption? Substitution ciphers. One-time pads. Triple DES. Data encryption standard. Password encryption.
  10. 10. What is Private Key Encryption? Private key encryption is also known as symmetric key encryption because it uses the same key to encrypt information as is needed to decrypt. Private key encryption provides for the confidentiality of the information while it is encrypted. Only those who know the key can decrypt the message.
  11. 11. What is Private Key Encryption? Private key algorithm
  12. 12. Substitution Ciphers Julius Caesar used a K is the key to the cipher. substitution cipher called the Ex. K = 3 Caesar cipher. UNIVERSITY This cipher consists of replacing ↓ XQLYHUVLWB each letter with the letter three positions later in the alphabet.
  13. 13. Substitution Ciphers Substitution ciphers suffer from one primary weakness—the frequency of the letters in the original alphabet does not change. Further development of frequency analysis also shows that certain two- and three-letter combinations show up frequently.
  14. 14. One Time Pads The One Time Pads (OTPs) system is the only theoretically unbreakable encryption system. An OTP is a list of numbers, in a completely random order. It is used to encode a message. As its name implies, the OTP is only used once. OTPs are used (but only for short messages) in very high- security environments.
  15. 15. Data Encryption Standard The algorithm for the Data Encryption Standard (DES) was developed by IBM in the early 1970s. DES uses a 56-bit key. The key uses 7 bits of eight 8-bit bytes (the 8th bit of each byte is used for parity). DES is a block cipher that operates on one 64-bit block of plaintext at a time. There are 16 rounds of encryption in DES, where each round uses a different subkey.
  16. 16. Data Encryption Standard DES Block Diagram
  17. 17. Data Encryption Standard There are four modes of operation for DES: 1. Electronic code book. 2. Cipher block chaining. 3. Cipher feedback. 4. Output feedback.
  18. 18. ECB
  19. 19. CBC
  20. 20. CFB Encryption
  21. 21. CFB Decryption
  22. 22. OFB Encryption
  23. 23. OFB Decryption
  24. 24. Triple DES Triple DES functional Diagram
  25. 25. Password Encryption The standard Unix password encryption scheme is a variation of DES. The password encryption function is actually a one-way function. Each user chooses a password. The algorithm uses the first eight characters of the password. The system then chooses a 12-bit number based on the system time. This is called the salt. Most Unix systems now offer the option of using shadow password files for just this reason.
  26. 26. The Advanced Encryption Standard: Rijndael At the end of 2000, NIST announced that Joan Daemen and Vincent Rijmen, cryptographers from Belgium, had won the competition with their algorithm Rijndael. Rijndael is a block cipher that uses keys and blocks of 128, 192, or 256 bits. These key lengths make brute-force attacks computationally infeasible at this time. The algorithm consists of 10 to 14 rounds, depending on the size of the plaintext block and the size of the key.
  27. 27. Other Private Key Algorithms There are several other private key algorithms available in various security systems. Among them are the following: The International Data Encryption Algorithm (IDEA) was developed in Switzerland. IDEA uses a 128-bit key and is also used in Pretty Good Privacy (PGP). RC5 was developed by Ron Rivest at MIT. It allows for variable length keys.
  28. 28. Other Private Key Algorithms Private key algorithms (continued): Skipjack was developed by the United States government for use with the Clipper Chip. It uses an 80-bit key, which may be marginal in the near future. Blowfish allows for variable length keys up to 448 bits and was optimized for execution on 32-bit processors.
  29. 29. Understand Public Key Encryption Public Key encryption is a more recent invention than private key encryption. The primary difference between the two types of encryption is the number of keys used in the operation. The private key encryption uses a single key to both, encrypt and decrypt information. The public key encryption uses two keys. One key is used to encrypt information and a different key, to decrypt it.
  30. 30. Understand Public Key Encryption What is public key encryption? Diffe-Hellman key exchange. RSA.
  31. 31. What is Public Key Encryption The public key is published with information as to who is the owner. Another property of public key encryption is that if you have one of the keys of a pair, you cannot compute the other key. If confidentiality is desired, encryption is performed with the public key.
  32. 32. What is Public Key Encryption Public key encryption
  33. 33. Diffe-Hellman Key Exchange The Diffe-Hellman key exchange was developed to solve the problem of key distribution for private key encryption systems. The idea was to allow a secure method of agreeing on a private key without the expense of sending the key through another method.
  34. 34. 最早的公開金鑰加密法之一 Diffie-Hellman Protocol 1. A and B 同意共用兩個大整數 g 、 n, g < n 2. A選擇一個極大隨機亂數 x R = g x mod n 3. B選擇一個極大的隨機亂數 y , 並且計算 S = g y mod n 4. A和B交換R ,S 5. A計算 K = Sx mod n =(gy mod n)x mod n 6. B計算 K = Ry mod n =(gx mod n)y mod n K=K' 以上即使R,S在傳送過程中遭竊聽,只要x,y仍保密則K仍不易計算 得到
  35. 35. RSA In 1978, Ron Rivest, Adi Shamir, and Len Adleman released the Rivest- Shamir-Adleman (RSA) public key algorithm. Unlike the Diffe-Hellman algorithm, RSA can be used for encryption and decryption. Also unlike Diffe-Hellman, the security of RSA is based on the difficulty of factoring large numbers.
  36. 36. 最有名的公開金鑰演算法 -RSA Algorithm a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n. Given: public key= (e,n) private key= (d,n) C= M e mod n M= Cd mod n =(Me)d mod n =Med mod n 其中 n=p*q, p,q皆為極大的質數 e和d的關係為先選e值使得gcd(ψ(n), e)=1, ψ(n)為小於n且和n互質 的數目的個數(稱為尤拉函數)﹐然後再選取d使得d=e-1 modψ(n) (亦即e*d modψ(n) = 1) 2002 ACM Turing Award
  37. 37. RSA Algorithm例子 1. 選p=7, q=17 2. 計算n=p q=7*17=119 3. 計算ψ(n)=(p-1)(q-1)=96 4. 選擇e=5﹐然後計算d=77 (因為5*77 mod 96 =1) 如此得到公開密鑰=(5,119), 私人密鑰=(77,119) 假設有一訊息M=19要傳送﹐則 加密: C=195 mod 119 == 66 mod 119 解密: M=6677 mod 119 = 19 mod 119
  38. 38. 到底RSA有多難破解? 1977八月號 Scientific American雜誌(RSA129挑戰 4 * 1015) n=1 1438 1625 7578 8886 7669 2357 7997 6146 6120 1021 8296 7212 4236 2562 5618 4293 5706 9352 4573 3897 8305 9712 3563 9587 0505 8989 0751 4759 9290 0268 7954 3541 e=9007 C=9686 9613 7546 2206 1477 1409 2225 4355 8829 0575 9991 1245 7431 9874 6951 2093 0816 2982 2514 5708 3569 3147 6622 8839 8962 8013 3919 9055 1829 9451 5781 5154 (已知明文中00=空白﹐01=A 02=B, …) 1994, 600人,1600部機器,耗費八個月 p=3490 5295 1084 7650 9491 4784 9619 9038 9813 3417 7646 3849 3387 8439 9082 0577 q=3 2769 1329 9326 6709 5499 6198 8190 8344 6141 3177 6429 6799 2942 5397 9828 8533 得到M= SQUEAMISH OSSIFRAGE
  39. 39. RSA The basic algorithm for confidentiality is very simple: ciphertext = (plaintext)e mod n plaintext = (ciphertext)d mod n private key = {d, n} public key = {e, n} The difficulty in calculating d given e and n provides the security.
  40. 40. Generating RSA keys To generate an RSA key pair, follow these steps: Choose two prime numbers p and q and keep them secret. Calculate n = pq. Calculate φ(n) = (p – 1)(q – 1). Select e such that e is relatively prime to φ(n). Determine d such that (d)(e) = 1 mod φ(n) and that d < φ(n).
  41. 41. Understand Digital Signatures Digital signature is a method of authenticating electronic information using encryption. Digital signatures protect information from modification after it has been received and decrypted. Digital signatures put information through a hash function to create a checksum that is encrypted with a private key and travels with the information. This checksum can be used to verify that the information was not modified.
  42. 42. Understand Digital Signatures The security and usefulness of a digital signature depend on the protection of the user’s private key and a secure hash function. A hash function is secure if: the function is one-way, and it is difficult to construct two pieces of information that provide the same checksum when run through the function.
  43. 43. Understand Digital Signatures Secure hash functions should create a checksum of at least 128 bits. The two most common hash functions are MD5 and SHA.
  44. 44. Understand Digital Signatures Digital Signature operation
  45. 45. Understand Key Management Key management is one of the most critical aspects of an encryption system. It includes creating strong keys, distributing them securely, certifying them correct, protecting while in use, and revoking them when they are compromised or expired. Most encryption systems have a method for users to generate keys—in many cases, the user chooses a password.
  46. 46. Understand Key Management Keys must be transported securely to ensure the integrity of the keys. If keys are transmitted, they must be checked on arrival to ensure they have not been manipulated (usually done manually or by digital signatures).
  47. 47. Understand Key Management Certificate Authorities (CAs) ensure the integrity of the keys and prevent an attacker from introducing their own keys. Public keys require integrity protection (provided by certification), but they do not require confidentiality protection. However, all copies of the private key of a public key system must be protected at all times.
  48. 48. Understand Key Management Session keys may only exist for a given session and may be deleted after the session. Public key pairs are generally certified for one or two years. If a key is lost or compromised, the owner of the key should inform users that it is not to be used. In the case of a public key encryption system, the owner must post the revocation to all of the potential key servers.
  49. 49. Understand trust in the System Trust is the underlying concept of all security and encryption. There are two primary models that are used for trust: Hierarchical trust Web of trust
  50. 50. Understand trust in the System The Hierarchical Trust model is based on a chain of authority, in which you trust someone if someone higher up in the chain certifies it. The Hierarchical Trust model is complicated to put into practice because there is no real root-level CA. Establishing an internal CA and public key infrastructure for a business is a challenging task that demands a lot of resources.
  51. 51. Understand trust in the System The Web of Trust model was first used by Pretty Good Privacy (PGP). It is based on the concept that each user certifies their own certificate and passes that certificate off to known associates. The primary advantage is that there is no large investment in infrastructure. The primary disadvantage is a lack of scalability.
  52. 52. Summary Encryption is simply the obfuscation of information in such a way so as to allow authorized individuals to see it, but to hide it from unauthorized individuals. The Private Key encryption requires all parties authorized to read the information to have the same key. The Public Key encryption uses two keys. One key is used to encrypt information and another key is used to decrypt it.
  53. 53. Summary A digital signature is a method of authenticating electronic information using encryption. Key Management includes creating strong keys, distributing them securely, certifying that they are correct, protecting them while they are in use, and revoking them when they are compromised or expired. There are two primary models that are used for trust: Hierarchical Trust and Web of Trust.