2. Gaurav Mishra <gmishx@gmail.com>
Merkle Tree
• A Merkle tree is a cryptographic tree where each leaf node is a hash of a data block.
• Every non-leaf node contains the hash of its child nodes.
• The root node of the tree therefore contains a hash that covers every data element.
• It helps in verification of data in a P2P network.
• The Merkle root hash can be obtained from a trusted source and used to verify the data transmitted.
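The verification described above, as an added example that is not part of the original slides: a peer that holds only a trusted root hash checks one received block using the sibling hashes along its path. SHA-256, the leaf/node prefix bytes, the promote-the-odd-node rule and all function names are assumptions of this sketch.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"   # assumed domain-separation prefixes


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(blocks):
    """Return every level of the tree: leaf hashes first, root level last."""
    level = [h(LEAF + b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = [h(NODE + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])          # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def make_proof(levels, index):
    """Collect (sibling_hash, sibling_is_left) pairs from leaf up to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):           # a promoted node has no sibling here
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_block(block, proof, trusted_root):
    """Recompute the path to the root and compare with the trusted value."""
    node = h(LEAF + block)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(NODE + pair)
    return hmac.compare_digest(node, trusted_root)


if __name__ == "__main__":
    blocks = [b"block-%d" % i for i in range(5)]      # constructed sample data
    levels = build_levels(blocks)
    root = levels[-1][0]                              # obtained from a trusted source
    print(verify_block(blocks[4], make_proof(levels, 4), root))
    print(verify_block(b"forged", make_proof(levels, 4), root))
```

The receiver needs only the root and a proof whose length grows with the logarithm of the number of blocks, not the other blocks themselves.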
27-05-2018
Symmetric cryptography
• Transmitting information over a medium in plain form is extremely dangerous, as anyone who can get access to the information can read it.
• To overcome this, people use mathematical methods to change the original message in a way that can be simply reversed to recover the original message.
• In earlier days, people used the same transformation to encrypt and decrypt the message.
• The transformation requires a mathematical operation and a secret key.
• Since the same secret key is required both ways, it is called symmetric encryption.
• It has its own shortcomings. The secret key needs to be transmitted to both parties, and it can be captured by an attacker on the way.
• Even without the secret key, if the attacker captures the encrypted message and knows the original message, the key can be obtained.
Asymmetric cryptography
• Asymmetric cryptography came about to overcome all of the drawbacks of symmetric cryptography.
• Asymmetric cryptography uses mathematical operations to encrypt the information with one key and decrypt it with another, called the public key and the private key, respectively. It is computationally infeasible to determine the decryption key given only knowledge of the algorithm and the encryption key.
• Each party in the communication needs to generate a public and private key pair to participate in an encrypted communication.
• First, a private key is generated using a big prime number or some random data (depending on the algorithm). Using this private key, a public key is generated.
• This public key can be distributed to other participants without fear of compromise. The private key is kept securely with the owner and is never shared with anyone.
• Asymmetric keys are commonly used in the form of X.509 certificates, which include the encryption algorithm, the validity, the CA's signature and the key.
Key exchange
• When using asymmetric cryptography in a network, the problem arises of how to share the public key with assurance that a key belongs to the required client only.
• The public key can be exchanged using the following techniques:
1. Public-key Publication
   Each participant can register their public key in person, through a secure channel, with a common registrar. Other participants can then retrieve the public key of a required participant from the registrar through a secure channel.
2. Public-key Authority
   1. A common authority is set up which stores the public keys of the participants and whose own public key is shared with every participant.
   2. Client A requests Client B's public key from the authority by sending a message with Client B's ID and a timestamp, encrypted with the authority's public key.
   3. The authority responds with Client B's public key and the original timestamp, encrypted with Client A's public key.
   4. Client A sends the message to Client B encrypted with Client B's public key.
   5. Client B gets the public key of Client A in the same manner.
Key exchange
3. Public-key Certificates
   1. X.509 has provision for signed certificates. A user can generate a certificate to be signed by a Certificate Authority (CA); this is called a Certificate Signing Request (CSR).
   2. This CSR is sent to the CA encrypted with the CA's public key.
   3. The CA validates the request, signs the certificate with its private key and sends it back to the requester.
   4. This signed certificate can then be sent to anyone who requires it, and they can verify it with the CA's public key to check whether it is original or counterfeit.
4. Internet Key Exchange
   1. IKE uses Diffie-Hellman key exchange over a secure channel to create a symmetric key using asymmetric cryptography.
   2. This key is used to encrypt further communication for negotiation on a shared key.
Message Signature
• To authenticate that a message originated from the sender and was not altered during transmission, it needs to be signed with the sender's private key.
• Creating a message signature
   1. The original message is hashed to calculate a digest.
   2. The digest is encrypted using the private key.
   3. The encrypted digest and the hash algorithm are attached to the message.
   4. The message is encrypted using the private/shared key and transmitted.
• Verifying the signature
   1. Decrypt the message and get the encrypted digest.
   2. Calculate a new hash using the attached algorithm and decrypt the attached digest.
   3. Compare the calculated digest and the attached digest.
• Signing the message provides message integrity (the message is not altered) and message authentication (the message originated from the real sender).
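The signing and verification steps above, as an added example that is not part of the original slides. It uses unpadded RSA arithmetic from the standard library with a constructed toy key so each step is visible; production code uses a padded scheme such as RSA-PSS from a vetted library. Step 4 (encrypting the message for transport) is left out, and the hash allowlist and all names are assumptions of this sketch.

```python
import hashlib

# Constructed toy key pair: both primes are publicly known Mersenne primes,
# so this key illustrates the arithmetic only and offers no security.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent

# Assumption: the verifier decides which digests it accepts, rather than
# trusting whatever algorithm name arrives attached to the message.
ALLOWED_HASHES = {"sha256", "sha512"}


def digest_int(message: bytes, alg: str) -> int:
    return int.from_bytes(hashlib.new(alg, message).digest(), "big")


def sign(message: bytes, alg: str = "sha256") -> dict:
    """Steps 1-3: hash, transform the digest with the private key, attach."""
    signature = pow(digest_int(message, alg), D, N)
    return {"message": message, "hash_alg": alg, "signature": signature}


def verify(envelope: dict, e: int = E, n: int = N) -> bool:
    """Recover the signed digest with the sender's public key and compare."""
    alg = envelope["hash_alg"]
    if alg not in ALLOWED_HASHES:
        return False                        # reject unexpected or weak digests
    recovered = pow(envelope["signature"], e, n)
    return recovered == digest_int(envelope["message"], alg)


if __name__ == "__main__":
    env = sign(b"transfer 10 units to B")   # constructed sample message
    print(verify(env))                                        # intact message
    print(verify(dict(env, message=b"transfer 99 units")))    # altered in transit
```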