Uploaded byGebrehanaAlemaw
PPTX, PDF20 views

Security - ch3.pptx

Cryptography involves encrypting messages to provide security services like confidentiality and integrity. It uses techniques like symmetric encryption with secret keys, asymmetric encryption with public/private key pairs, digital signatures, and hash functions. The document discusses specific cryptographic algorithms and how they work, including the Data Encryption Standard (DES), Triple DES, the Advanced Encryption Standard (AES), and the Rivest-Shamir-Adelman (RSA) public-key algorithm. Cryptography is important for securely storing, transmitting, and authenticating digital information.

Embed presentation

Download to read offline
Computer Security and Privacy (CS 671 – 2CrHr) Chapter 3-Security Techniques Department of Computer Science School of Postgraduate Studies Admas University
Cryptography = the science (art) of encryption Cryptanalysis = the science (art) of breaking encryption Cryptology = cryptography + cryptanalysis DEFINITIONS
3 PURPOSE OF CRYPTOGRAPHY • Secure stored information - regardless if access obtained • Secure transmitted information - regardless if transmission has been monitored
4 SERVICES PROVIDED BY CRYPTOGRAPHY • Confidentiality – provides privacy for messages and stored data by hiding • Message Integrity – provides assurance to all parties that a message remains unchanged • Non-repudiation – Can prove a document came from X even if X denies it • Authentication – identifies the origin of a message – verifies the identity of person using a computer system
6 CRYPTOGRAPHY • Cryptography has the following components: -Plaintext: This is what you want to encrypt. -Ciphertext: The encrypted output. -Enciphering or encryption: The process by which plaintext is converted into ciphertext. - Encryption algorithm: The sequence of data processing steps that go into transforming plaintext into ciphertext. -Secret Key: is used to set some or all of the various parameters used by the encryption algorithm. -Deciphering or decryption: Recovering plaintext from ciphertext. - Decryption algorithm: The sequence of data processing steps that go into transforming ciphertext back into plaintext.
KEYS • A key can be thought of as simply a collection of bits • The more bits, the stronger the key • Keys are tied to specific encryption algorithms • Lengths vary depending on the encryption algorithm – e.g. 128 bits is long for some algorithms, but short for others 1 0 1 1 1 1 0 1 1 1 0 1 1 0 0 1 0 1 7
8 CRYPTOGRAPHY • Encryption Overview – Plain text is converted to cipher text by use of an algorithm and key. • Algorithm is publicly known • Key is held private – Three Main Categories • Secret Key – single key is used to encrypt and decrypt information • Public/Private Key – two keys are used: one for encryption (public key) and one for decryption (private key) • One-way Function – information is encrypted to produce a “digest” of the original information that can be used later to prove its authenticity
ENCRYPTION • Encryption is the process of taking some data and a key and feeding it into a function and getting encrypted data out • Encrypted data is, in principle, unreadable unless decrypted Encryption Function 8
DECRYPTION • Decryption is the process of taking encrypted data and a key and feeding it into a function and getting out the original data – Encryption and decryption functions are linked Decryption Function 9
Symmetric Encryption • Encryption and decryption algorithms that use the same key are called symmetric – In this case everyone wanting to read encrypted data must share the same key • Sender and receive have the same secret key that will encrypt and decrypt plain text. • Strength of encryption technique depends on key length Encrypt Decrypt ENCRYPTION TECHNIQUES 10
12 ENCRYPTION TECHNIQUES… • Secret Key (Symmetric) – Known symmetrical algorithms • Data Encryption Standard (DES) – 56 bit key • Triple DES, DESX, GDES, RDES – 168 bit key • Advanced Encryption Standard (AES) – 128, 192,256 key sizes • RC2, RC4, RC5 – variable length up to 2048 bits • IDEA - basis of PGP – 128 bit key • Blowfish – variable length up to 448 bits
Asymmetric Encryption •Encryption and decryption algorithms that use a different key pair are called asymmetric –Keys are mathematically linked •Most common algorithm is the RSA (Rivest Shamir Adelman) algorithm with key lengths from 512 to 1024 bits. 13 ENCRYPTION TECHNIQUES…
CRYPTOGRAPHY DES • In 1973, the NBS (National Bureau of Standards, now called NIST - National Institute of Standards and Technology) published a request for an encryption algorithm that would meet the following criteria: • have a high security level • be easily understood • not depend on the algorithm's confidentiality • be adaptable and economical • be efficient and exportable In late 1974, IBM proposed "Lucifer", which was then modified by NSA (National Security Agency) in 1976 to become the DES (Data Encryption Standard). DES was approved by the NBS in 1978. The DES was standardized by the ANSI under the name of ANSI X3.92, also known as DEA (Data Encryption Algorithm).
CRYPTOGRAPHY DES • DES Utilizes block cipher, which means that during the encryption process, the plaintext is broken into fixed length blocks of 64 bits. • To do the encryption, DES uses a 64 bits long key. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits. • 56-bit key gives 256 ( 7.2*1016) possible key variations • How DES works?
CRYPTOGRAPHY DES • DES was best suited for implementation in hardware, probably to discourage implementations in software, which tend to be slow by comparison during that time. • Modern computers are so fast that satisfactory software implementations for DES are possible. • DES is the most widely used symmetric algorithm despite claims whether 56 bits is long enough to guarantee security. • Using current technology, 56-bit key size is vulnerable to a brute force attack.
CRYPTOGRAPHY DES • Cracking: The most basic method of attack for any cypher is brute force - trying every possible key in turn. • The length of the key determines the number of possible keys, and hence the feasibility of the approach. • DES is not adequate with this regard due to its key size • In academia, various proposals for a DES-cracking machine were advanced. • In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. • By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. • However, none of these early proposals were ever implemented.
CRYPTOGRAPHY DES • The vulnerability of DES was practically demonstrated in 1997, where RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the DESCHALL Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using idle cycles of thousands of computers across the Internet. • The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000. Their motivation was to show that DES was breakable in practice as well as in theory.
CRYPTOGRAPHY DES • A variant of DES, Triple DES (3-DES), provides enhanced security by executing the core algorithm three times in a row. • With triple length key of three 56-bit keys K1, K2 & K3, encryption is:  Encrypt with K1  Decrypt with K2  Encrypt with K3 • Decryption is the reverse process:  Decrypt with K3  Encrypt with K2  Decrypt with K1 • Setting K3 equal to K1 in these processes gives us a double length key K1, K2. • Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit key). • Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.
CRYPTOGRAPHY Asymmetric/Public key/ Cryptography • Also called public-key cryptography  keys for encryption and decryption are different but form a unique pair  P = DKD [EKE (P) ]  Only one of the keys need to be private while the other can be public • Invented by Diffie and Hellman in 1976 • It is a revolutionary concept since it avoids the need of using a secure channel to communicate the key • It has made cryptography available for the general public and made many of today’s on-line application feasible
CRYPTOGRAPHY Public-key Cryptography • Which one of the encryption or decryption key is made public depends on the use of the key If Hana wants to send a confidential message to Ahmed  She encrypts the message using Ahmed’s public key  Send the message  Ahmed will then decode it using his own private key On the other hand, if Ahmed needs to make sure that a message sent by Hana really comes from her, how can he make that?
CRYPTOGRAPHY Public-key Cryptography • Using digital signature Hana has to first encrypt a digital signature using her private key Then encrypt the message (signature included) with Ahmed’s public key Sends the encrypted message to Ahmed Ahmed decrypts the message using his private key Ahmed then decrypts the signature using Hana’s public key If successful, he insures that it comes from Hana
CRYPTOGRAPHY Public-key Cryptography • Summary  A pair of keys (private, public)  If you have the private key, you can easily decrypt what is encrypted by the public key  Otherwise, it is computationally infeasible to decrypt what has been encrypted by the public key
CRYPTOGRAPHY Public-key Cryptographic algorithm: RSA • RSA is from R. Rivest, A. Shamir and L. Aldleman • Principle: No mathematical method is yet known to efficiently find the prime factors of large numbers • In RSA, the private and public keys are constructed from very large prime numbers (consisting of hundred of decimal digits) • One of the keys can be made public • Breaking RSA is equivalent to finding the prime factors for large numbers: this is know to be computationally infeasible • It is only the person who has produced the keys from the prime number who can easily decrypt the messages
CRYPTOGRAPHY RSA • The RSA algorithm  Used both for public key encryption and digital signatures. • Major Activities  Key Generation  Encryption  Digital signing  Decryption  Signature verification
CRYPTOGRAPHY RSA- Key Generating Algorithm 1. Choose/generate two distinct prime numbers p and q. 2. Compute n = pq. 3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function. 4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1. 5. Determine d (1<d<phi) such that φ(n) divides ed-1. Result:  Keep all the values d, p, q and φ secret  e is known as the public key exponent  d is known as the private key exponent
CRYPTOGRAPHY RSA- Encryption Sender A does the following  Obtains the recipient B's public key (n, e)  Represents the plaintext message as a positive integer m  Computes the cipher-text c = me mod n  Sends the cipher-text c to B RSA- Decryption Recipient B does the following  Uses his private key (n, d) to compute m = cd mod n  Extracts the plaintext from the message representative m
CRYPTOGRAPHY RSA- Key Generation Simple Example 1. Select primes p=11, q=3. 2. n = pq = 11*3 = 33 phi = (p-1)(q-1) = 10*2 = 20 3. Choose e=3 Check gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 4. Compute d (1<d<phi) such that phi divides ed-1 (20 divides 3d-1.) Simple testing (d = 2, 3 ...) gives d = 7 Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20). 5. Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7).
CRYPTOGRAPHY RSA- Encryption Example Now say we want to encrypt the message m = 7  c = me mod n = 73 mod 33 = 343 mod 33 = 13  Hence the ciphertext c = 13 To check decryption we compute  m = cd mod n = 137 mod 33 = 7 RSA- Decryption Example Given: Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7) How do we encrypt and decrypt?
CRYPTOGRAPHY RSA- More Meaningful Example Message: ATTACKxATxSEVEN Grouping the characters into blocks of three and computing a message representative integer for each block:  ATT ACK XAT XSE VEN  In the same way that a decimal number can be represented as the sum of powers of ten, e.g. 135 = 1 x 102 + 3 x 101 + 5, we could represent our blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25 ATT = 0 x 262 + 19 x 261 + 19 = 513 ACK = 0 x 262 + 2 x 261 + 10 = 62 XAT = 23 x 262 + 0 x 261 + 19 = 15567 XSE = 23 x 262 + 18 x 261 + 4 = 16020 VEN = 21 x 262 + 4 x 261 + 13 = 14313
CRYPTOGRAPHY RSA- More Meaningful Example – Key Generation 1. We "generate" primes p=137 and q=131 2. n = pq = 137*131 = 17,947 phi = (p-1)(q-1) = 136*130 = 17680 3. Select e = 3 check gcd(e, (p-1)(q-1)) = gcd(3, 17680 ) = 1, OK 4. Compute d such that phi divides ed-1 (17680 divides 3d- 1.) Simple testing (d = 2, 3 ...) gives d = 11787 Check: ed-1 = 3* 11787 - 1 = 35,3600, which is divisible by phi (17680). 5. Hence  public key, (n, e) = (17947, 3) and  private key (n, d) = (17947, 11787).
CRYPTOGRAPHY To encrypt the first integer that represents "ATT“ (513), we have  c = me mod n = 5133 mod 17947 = 8363 We can verify that our private key is valid by decrypting  m = cd mod n = 836311787 mod 17947 = 513 Using: Public key = (n, e) = (17947, 3) Private key = (n, d) = (17947, 11787) Overall, our plaintext is represented by the set of integers m  (513, 62, 15567, 16020, 14313)  We compute corresponding cipher text integers c = me mod n  (8363, 5017, 11884, 9546, 13366)
CRYPTOGRAPHY Hash functions • One application of cryptography is the use of hash functions • A hash function H takes a message m of arbitrary length and produces a bit string h, h= H (m) • When the hash value h is sent with the message m, it enables to determine whether m has been modified or not
CRYPTOGRAPHY Hash functions • Properties of hash functions  One-way function: It is computationally infeasible to find m that corresponds to a known output of h  It is computationally infeasible, given m and H, to find m’ ≠ m such that H(m) = H(m’)  Given H, it is computationally infeasible to find any two different input values m and m’, such that H(m) = H(m’)
CRYPTOGRAPHY Digital Signature
CRYPTOGRAPHY Digital Signature for Message Integrity and Confidentiality • Principles of Digital Signature  User A signs digitally a message m using cryptographic hash of the message m with the private key of A and attach it to the message m.  Anybody can then decrypt A’s digital signature using A’s public key and compare it with the cryptographic hash of the message m to verify that m was signed by A and m was not altered.
CRYPTOGRAPHY Digital Signature Using Public Key Cryptosystem Notation: KX - : Private key of X KX + : Public key of X • When Hanna sends her message m to Ahmed, she encrypts it with her private key Kh -(m) • If she wants to keep the message content a secret, she can use Ahmed’s public key and send Ka +(m, Kh -(m)) • Hanna is protected against modification by Ahmed since if Ahmed produces m’, he has to find Kh -(m’)
CRYPTOGRAPHY Digital Signature Using Message Digest • H = H (m) is sent along m, where H is a cryptographic hash function • Kh -(H(m)) (or Ka +(m, Kh -(H(m)))) is sent so that Ahmed knows that it comes from Hanna by decrypting it • Ahmed hashes the message m and compares it with H that he has received from Hanna • Hash/Message Digest: Short “signature” of the message, 128–512 bits. • It is extremely improbable that unequal messages have same hash Example: MD5 (Message Digest version 5) and SHA-1
CRYPTOGRAPHY Digital Signature and RSA • Recipient B does the following  Uses sender A's public key (n, e) to compute integer v = se mod n  Extracts the message digest from this integer  Independently computes the message digest of m that has been signed  If both message digests are identical, the signature is valid Signature Verification • Sender A does the following  Creates a message digest of the information to be sent  Represents this digest as an integer m  Uses his/her private key (n, d) to compute the signature s = md mod n.  Sends this signature s along with encrypted m to the recipient B.
CRYPTOGRAPHY Key Distribution: Verifying Someone’s Public Key • Even with public-key cryptosystems and digital signatures, we still have the problem of authentication: binding users to keys. • Early days articles proposed phonebook-like database with Name and Public Key entries. • Attacker can put in his own key for someone else, and start signing fake contracts (and even checks!). • Maybe we can secure the phonebook, but then it kills the idea of keys widely and easily available (publicly) . • Problem: How secure is that database itself?
CRYPTOGRAPHY Key Distribution: Problems • Distribution of a key is a difficult matter! • Solution: Certification/Certificate Authority (CA) that signs (certifies) the public key • For public key, we need a body that certifies the public key is that of the party we need to communicate with • For a symmetric cryptosystem, the initial key must be communicated along a secured channel(?)
CRYPTOGRAPHY Certification • A certificate is a public key and some naming “stuff”, digitally signed by someone you trust (third party) - Certification Authority (CA). • Remark: Just because they are CAs doesn’t mean you should trust them. • The critical thing is that the name in the certificate must match the alleged name. • Common solution to public key distribution today is to have trusted third party to sign the user’s public encryption key. • Resulting certificate will contain information like user’s name/ID, user’s public key, name of CA, start date of certificate, and length of time it is valid. • User publishes certificate with the X.509 standard (for formatting certificates).
CRYPTOGRAPHY Certification - Associated Overheads • An important issue is the longevity of certificates • Lifelong certificates are not feasible • Therefore, we need a way to revoke certificates  Certificate Revocation List (CRL) published regularly
CRYPTOGRAPHY Applications – Electronic Payment • Payment systems - based on direct payment a) Paying in cash. b) Using a check. c) Using a credit card.
CRYPTOGRAPHY Applications – Reading assignment • Electronic cash • E-wallet • Credit card • Debit card
CRYPTOGRAPHY Applications – Security in Electronic Payment • General requirements  In cash based systems (using ATM), the main issue is authentication  Use of card  Electronic money  Protection against fraud  It should not be possible to use the money more than once  It should not be possible to use forged money  Credit card or check based system  No tampering/alteration  Protection against repudiation (the buyer denies having made the order)
CRYPTOGRAPHY Applications – Secure Electronic Transaction (SET) • SET is the result of efforts by VISA, Mastercard, etc. to develop a standard way of purchasing goods over a network using a credit card • SET is an open standard: entire protocol is published • Dual signature is used in order to avoid  The merchant from knowing the detail of the payment information  The Bank from knowing about the order information
Applications – Secure Electronic Transaction (SET) NETWORK SECURITY • Protect credit card transaction on the Internet. • Companies involved:  MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign • Not a payment system but enables users to employ the existing credit card payment infrastructure on an open network (Internet) in a secure manner. • Set of security protocols and formats. CRYPTOGRAPHY
Applications: SET Services NETWORK SECURITY • Provides a secure communication channel in a transaction. • Key Features of SET:  Confidentiality of information  Integrity of data  Cardholder account authentication  Merchant authentication CRYPTOGRAPHY
Application: SET Participants ... NETWORK SECURITY • Customer : Authorized holder of Payment Card • Merchant: Has goods to sell to the Cardholder. • Issuer: Financial institution (such as bank) – connected with the Customer. • Acquirer: Verifies that a card account is active and the proposed purchase does not exceed the credit limit – Connected with the Merchant. • Payment gateway: Operated by the acquirer or a designated third party that processes merchant payment messages • Certification Authority: Trusted entity to issue the X.509V3 public key certificate for customers, Merchants and payment gateways. • The success of SET depends on CA. CRYPTOGRAPHY
Applications: SET (Sequence of events for transactions) NETWORK SECURITY 1. Merchant sends merchant certificate and bank certificate (encrypted with CA’s private key) 2. Customer decrypts certificates, obtains public keys 3. Customer generates order information (OI) and payment info (PI) encrypted with different session keys and dual- signed 4. Merchant sends payment request to bank encrypted with bank-merchant session key 5. Bank sends authorization request to issuing bank 6. Bank sends approval to merchant 7. Merchant sends acknowledgement to customer CRYPTOGRAPHY
Applications: SET Participants NETWORK SECURITY CRYPTOGRAPHY
Applications: SET - Dual Signature NETWORK SECURITY • Dual signature is an important innovation by SET • Used to link two messages that are intended for two different recipients. • The customer wants to send Order Information (OI) to the merchant and Payment Information (PI) to the bank. • Merchant – Does not need to know details of customer’s payment information. • Bank – Does not need to know details of customer’s order. • Privacy!! • The two items, however, must be linked somehow to prove that the payment is intended for this order and not for some other. CRYPTOGRAPHY
Applications: SET Dual Signature H(OI))] || ) ( ( [ PI H H E DS c KR  CRYPTOGRAPHY
Applications: SET Payment processing Customer Sends Purchase Request CRYPTOGRAPHY
Applications: SET Payment processing Merchant Verifies Customer Purchase Request CRYPTOGRAPHY
CRYPTOGRAPHY Cryptanalysis • comes from the Greek word kryptós, "hidden", and analýein, "to loosen" or "to untie" • It is the art of recovering original data (the plain text) that has been encrypted or turned into cipher text without having access to the correct key used in the encryption process • When new encryption algorithms are introduced, cryptanalysis determines how hard it is to break the code (study)
CRYPTOGRAPHY Cryptanalysis • It is also used to refer to any attempt to avoid the security of other types of cryptographic algorithms and protocols in general, and not just encryption. • This process is mathematically challenging and complex as cryptography. • Cryptanalysis contains various ways to achieve its goal and uses a number of attack strategies
CRYPTOGRAPHY Cryptanalysis – Ciphertext-Only Attack • an attack model which is used by cryptanalyst in which without knowing the plain text, he works on cipher text • The intention will be to find the corresponding plain text or a key • E.g. attack on PDF data encryption using default RC4 algorithm
CRYPTOGRAPHY Cryptanalysis – Known-plaintext Attack • It is an attack model (used by cryptanalyst) where both sample plaintext and cipher text is used by attacker to find out the secret key Cryptanalysis – Chosen-plaintext Attack • It is an attack model where the cryptanalyst specify his own plain text and encrypt it. • This can be used to learn characteristics about the encryption algorithm(public key algorithms) • For example he can provide an empty text, a text which consists of one ‘a’ or two ‘aa’ characters.
CRYPTOGRAPHY Cryptanalysis – Brute force attack • A strategy used to break down passwords • It is the most common method which tries all possible permutations of the password until the correct one is found but starts cracking with the commonly used passwords(Dictionary attack) • The time required to find a password depends on: 1. How long the password is 2. How many characters are allowed in each position (upper case, lower case, numbers, special characters)
CRYPTOGRAPHY Summary • Advantage of private/secret key cryptography is that it provides better secrecy but needs prearranged key exchange. • Advantage of public-key cryptography is that it allows for secrecy between two parties who have not arranged in advance to have a shared key (or trusted some third party to give it to them) and the disadvantage is overhead and speed. • Therefore, in practice, hybrid systems use both!!

More Related Content

PPTX
Cryptography and Network Security
byPa Van Tanku
 
PPTX
Security - ch3.pptx
byHabtamuHaileMichael2
 
PPTX
Cryptography
byMrinalini Sharma
 
PPTX
Cryptography
byPratiksha Patil
 
PPTX
encryption and decryption ,and its types
byjosereena1
 
PPT
Cryptography Lecture by Sam Bowne
bySecurityTube.Net
 
PDF
Introduction to Cryptography
bySeema Goel
 
PPT
Ch12 Cryptography it-slideshares.blogspot.com
byphanleson
 
Cryptography and Network Security
byPa Van Tanku
 
Security - ch3.pptx
byHabtamuHaileMichael2
 
Cryptography
byMrinalini Sharma
 
Cryptography
byPratiksha Patil
 
encryption and decryption ,and its types
byjosereena1
 
Cryptography Lecture by Sam Bowne
bySecurityTube.Net
 
Introduction to Cryptography
bySeema Goel
 
Ch12 Cryptography it-slideshares.blogspot.com
byphanleson
 

Similar to Security - ch3.pptx

PPTX
Cryptography by Durlab Kumbhakar
byDurlove Kumbhakar
 
PDF
Comparative study of private and public key cryptography algorithms a survey
byeSAT Publishing House
 
PDF
CNIT 123 12: Cryptography
bySam Bowne
 
PDF
Ch 12: Cryptography
bySam Bowne
 
PPT
Introduction part--Symmetry and asymetery123.ppt
bysayalis4
 
PDF
Cryptology - The practice and study of hiding information
byBitcoin Association of Australia
 
PPT
Cryptography
byamiable_indian
 
PPTX
Cryptography
byJens Patel
 
PDF
CISSP Prep: Ch 4. Security Engineering (Part 2)
bySam Bowne
 
PDF
Fundamentals of Cryptography: Securing Data in the Digital Age
byavengersimran16
 
PPTX
CH02-CompSec4e.pptx
byams1ams11
 
PPTX
Overview of cryptography
byRoshan Chaudhary
 
PPT
Class3
byankitasinghbsc
 
PPTX
NS UNIT 1 Advanced Encryption Standard& RSA
byAntonySuresh13
 
PPTX
Encryption algorithms
bytrilokchandra prakash
 
PDF
A Survey on Generation and Evolution of Various Cryptographic Techniques
byIRJET Journal
 
PDF
Analysis of Cryptographic Algorithms for Network Security
byEditor IJCATR
 
PPTX
Introduction to Network Security presentation
bykrishkiran2408
 
PPTX
Cryptography
byRutuja Solkar
 
PDF
Chapter 8 cryptography lanjutan
bynewbie2019
 
Cryptography by Durlab Kumbhakar
byDurlove Kumbhakar
 
Comparative study of private and public key cryptography algorithms a survey
byeSAT Publishing House
 
CNIT 123 12: Cryptography
bySam Bowne
 
Ch 12: Cryptography
bySam Bowne
 
Introduction part--Symmetry and asymetery123.ppt
bysayalis4
 
Cryptology - The practice and study of hiding information
byBitcoin Association of Australia
 
Cryptography
byamiable_indian
 
Cryptography
byJens Patel
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
bySam Bowne
 
Fundamentals of Cryptography: Securing Data in the Digital Age
byavengersimran16
 
CH02-CompSec4e.pptx
byams1ams11
 
Overview of cryptography
byRoshan Chaudhary
 
Class3
byankitasinghbsc
 
NS UNIT 1 Advanced Encryption Standard& RSA
byAntonySuresh13
 
Encryption algorithms
bytrilokchandra prakash
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
byIRJET Journal
 
Analysis of Cryptographic Algorithms for Network Security
byEditor IJCATR
 
Introduction to Network Security presentation
bykrishkiran2408
 
Cryptography
byRutuja Solkar
 
Chapter 8 cryptography lanjutan
bynewbie2019
 

Recently uploaded

PPTX
MENTAL STATUS EXAMINATION Part-1.Shilpa hotakar.pptx
bySHILPA HOTAKAR
 
PPTX
Appreciations - Jan 26 01.pptxkkkmmkmkmkmkm
bypreetheshparmar
 
PDF
Risks and opportunities of artificial intelligence in education: A critical view
byYannis
 
PPTX
Exploring Higher education and its pathways
byEVAMAEBONGHANOY5
 
PDF
Darwinism: Theory of Natural Selection and Origin of Species
byIPGDCWA,NAMPALLY
 
PPTX
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
PPTX
West Hatch High School - GCSE Spanish Presentation
byWestHatch
 
PPTX
Master of Punjabi Short Story "kartar singh duggal
bybhautikbharwad4
 
PPTX
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
PPTX
West Hatch High School -- GCSE Geography
byWestHatch
 
PPTX
Poster Based Ethical Reflection - Dharma and Values Poster.pptx
byRajshreeBeneymadoo
 
PDF
Information about Presentation strategies
bymansivaja18126
 
PPTX
West Hatch High School - GCSE Media Studies
byWestHatch
 
PPTX
TLE 8 W1 Q4 D2.pptx COMMON FLOOR PLAN SYMBOLS PLUMBING SYMBOLS
byraquelanaaltres1
 
PPTX
The night at deoli - Ruskin bond's story of first love
byrajibhammar4
 
PPTX
Appreciations - Jan 26 01.pptxkjkjkkjkjkjkj
bypreetheshparmar
 
PPTX
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
PPTX
That long silence - Novel by Shashi Deshapande
bysanjanavaghela65
 
PPTX
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
PDF
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
MENTAL STATUS EXAMINATION Part-1.Shilpa hotakar.pptx
bySHILPA HOTAKAR
 
Appreciations - Jan 26 01.pptxkkkmmkmkmkmkm
bypreetheshparmar
 
Risks and opportunities of artificial intelligence in education: A critical view
byYannis
 
Exploring Higher education and its pathways
byEVAMAEBONGHANOY5
 
Darwinism: Theory of Natural Selection and Origin of Species
byIPGDCWA,NAMPALLY
 
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
West Hatch High School - GCSE Spanish Presentation
byWestHatch
 
Master of Punjabi Short Story "kartar singh duggal
bybhautikbharwad4
 
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
West Hatch High School -- GCSE Geography
byWestHatch
 
Poster Based Ethical Reflection - Dharma and Values Poster.pptx
byRajshreeBeneymadoo
 
Information about Presentation strategies
bymansivaja18126
 
West Hatch High School - GCSE Media Studies
byWestHatch
 
TLE 8 W1 Q4 D2.pptx COMMON FLOOR PLAN SYMBOLS PLUMBING SYMBOLS
byraquelanaaltres1
 
The night at deoli - Ruskin bond's story of first love
byrajibhammar4
 
Appreciations - Jan 26 01.pptxkjkjkkjkjkjkj
bypreetheshparmar
 
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
That long silence - Novel by Shashi Deshapande
bysanjanavaghela65
 
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 

Security - ch3.pptx

  • 1.
    Computer Security andPrivacy (CS 671 – 2CrHr) Chapter 3-Security Techniques Department of Computer Science School of Postgraduate Studies Admas University
  • 2.
    Cryptography = thescience (art) of encryption Cryptanalysis = the science (art) of breaking encryption Cryptology = cryptography + cryptanalysis DEFINITIONS
  • 3.
    3 PURPOSE OF CRYPTOGRAPHY •Secure stored information - regardless if access obtained • Secure transmitted information - regardless if transmission has been monitored
  • 4.
    4 SERVICES PROVIDED BYCRYPTOGRAPHY • Confidentiality – provides privacy for messages and stored data by hiding • Message Integrity – provides assurance to all parties that a message remains unchanged • Non-repudiation – Can prove a document came from X even if X denies it • Authentication – identifies the origin of a message – verifies the identity of person using a computer system
  • 5.
    6 CRYPTOGRAPHY • Cryptography hasthe following components: -Plaintext: This is what you want to encrypt. -Ciphertext: The encrypted output. -Enciphering or encryption: The process by which plaintext is converted into ciphertext. - Encryption algorithm: The sequence of data processing steps that go into transforming plaintext into ciphertext. -Secret Key: is used to set some or all of the various parameters used by the encryption algorithm. -Deciphering or decryption: Recovering plaintext from ciphertext. - Decryption algorithm: The sequence of data processing steps that go into transforming ciphertext back into plaintext.
  • 6.
    KEYS • A keycan be thought of as simply a collection of bits • The more bits, the stronger the key • Keys are tied to specific encryption algorithms • Lengths vary depending on the encryption algorithm – e.g. 128 bits is long for some algorithms, but short for others 1 0 1 1 1 1 0 1 1 1 0 1 1 0 0 1 0 1 7
  • 7.
    8 CRYPTOGRAPHY • Encryption Overview –Plain text is converted to cipher text by use of an algorithm and key. • Algorithm is publicly known • Key is held private – Three Main Categories • Secret Key – single key is used to encrypt and decrypt information • Public/Private Key – two keys are used: one for encryption (public key) and one for decryption (private key) • One-way Function – information is encrypted to produce a “digest” of the original information that can be used later to prove its authenticity
  • 8.
    ENCRYPTION • Encryption isthe process of taking some data and a key and feeding it into a function and getting encrypted data out • Encrypted data is, in principle, unreadable unless decrypted Encryption Function 8
  • 9.
    DECRYPTION • Decryption isthe process of taking encrypted data and a key and feeding it into a function and getting out the original data – Encryption and decryption functions are linked Decryption Function 9
  • 10.
    Symmetric Encryption • Encryptionand decryption algorithms that use the same key are called symmetric – In this case everyone wanting to read encrypted data must share the same key • Sender and receive have the same secret key that will encrypt and decrypt plain text. • Strength of encryption technique depends on key length Encrypt Decrypt ENCRYPTION TECHNIQUES 10
  • 11.
    12 ENCRYPTION TECHNIQUES… • SecretKey (Symmetric) – Known symmetrical algorithms • Data Encryption Standard (DES) – 56 bit key • Triple DES, DESX, GDES, RDES – 168 bit key • Advanced Encryption Standard (AES) – 128, 192,256 key sizes • RC2, RC4, RC5 – variable length up to 2048 bits • IDEA - basis of PGP – 128 bit key • Blowfish – variable length up to 448 bits
  • 12.
    Asymmetric Encryption •Encryption anddecryption algorithms that use a different key pair are called asymmetric –Keys are mathematically linked •Most common algorithm is the RSA (Rivest Shamir Adelman) algorithm with key lengths from 512 to 1024 bits. 13 ENCRYPTION TECHNIQUES…
  • 13.
    CRYPTOGRAPHY DES • In 1973,the NBS (National Bureau of Standards, now called NIST - National Institute of Standards and Technology) published a request for an encryption algorithm that would meet the following criteria: • have a high security level • be easily understood • not depend on the algorithm's confidentiality • be adaptable and economical • be efficient and exportable In late 1974, IBM proposed "Lucifer", which was then modified by NSA (National Security Agency) in 1976 to become the DES (Data Encryption Standard). DES was approved by the NBS in 1978. The DES was standardized by the ANSI under the name of ANSI X3.92, also known as DEA (Data Encryption Algorithm).
  • 14.
    CRYPTOGRAPHY DES • DES Utilizesblock cipher, which means that during the encryption process, the plaintext is broken into fixed length blocks of 64 bits. • To do the encryption, DES uses a 64 bits long key. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits. • 56-bit key gives 256 ( 7.2*1016) possible key variations • How DES works?
  • 15.
    CRYPTOGRAPHY DES • DES wasbest suited for implementation in hardware, probably to discourage implementations in software, which tend to be slow by comparison during that time. • Modern computers are so fast that satisfactory software implementations for DES are possible. • DES is the most widely used symmetric algorithm despite claims whether 56 bits is long enough to guarantee security. • Using current technology, 56-bit key size is vulnerable to a brute force attack.
  • 16.
    CRYPTOGRAPHY DES • Cracking: Themost basic method of attack for any cypher is brute force - trying every possible key in turn. • The length of the key determines the number of possible keys, and hence the feasibility of the approach. • DES is not adequate with this regard due to its key size • In academia, various proposals for a DES-cracking machine were advanced. • In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. • By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. • However, none of these early proposals were ever implemented.
  • 17.
    CRYPTOGRAPHY DES • The vulnerabilityof DES was practically demonstrated in 1997, where RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the DESCHALL Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using idle cycles of thousands of computers across the Internet. • The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000. Their motivation was to show that DES was breakable in practice as well as in theory.
  • 18.
    CRYPTOGRAPHY DES • A variantof DES, Triple DES (3-DES), provides enhanced security by executing the core algorithm three times in a row. • With triple length key of three 56-bit keys K1, K2 & K3, encryption is:  Encrypt with K1  Decrypt with K2  Encrypt with K3 • Decryption is the reverse process:  Decrypt with K3  Encrypt with K2  Decrypt with K1 • Setting K3 equal to K1 in these processes gives us a double length key K1, K2. • Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit key). • Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.
  • 19.
    CRYPTOGRAPHY Asymmetric/Public key/ Cryptography •Also called public-key cryptography  keys for encryption and decryption are different but form a unique pair  P = DKD [EKE (P) ]  Only one of the keys need to be private while the other can be public • Invented by Diffie and Hellman in 1976 • It is a revolutionary concept since it avoids the need of using a secure channel to communicate the key • It has made cryptography available for the general public and made many of today’s on-line application feasible
  • 20.
    CRYPTOGRAPHY Public-key Cryptography • Whichone of the encryption or decryption key is made public depends on the use of the key If Hana wants to send a confidential message to Ahmed  She encrypts the message using Ahmed’s public key  Send the message  Ahmed will then decode it using his own private key On the other hand, if Ahmed needs to make sure that a message sent by Hana really comes from her, how can he make that?
  • 21.
    CRYPTOGRAPHY Public-key Cryptography • Usingdigital signature Hana has to first encrypt a digital signature using her private key Then encrypt the message (signature included) with Ahmed’s public key Sends the encrypted message to Ahmed Ahmed decrypts the message using his private key Ahmed then decrypts the signature using Hana’s public key If successful, he insures that it comes from Hana
  • 22.
    CRYPTOGRAPHY Public-key Cryptography • Summary A pair of keys (private, public)  If you have the private key, you can easily decrypt what is encrypted by the public key  Otherwise, it is computationally infeasible to decrypt what has been encrypted by the public key
  • 23.
    CRYPTOGRAPHY Public-key Cryptographic algorithm:RSA • RSA is from R. Rivest, A. Shamir and L. Aldleman • Principle: No mathematical method is yet known to efficiently find the prime factors of large numbers • In RSA, the private and public keys are constructed from very large prime numbers (consisting of hundred of decimal digits) • One of the keys can be made public • Breaking RSA is equivalent to finding the prime factors for large numbers: this is know to be computationally infeasible • It is only the person who has produced the keys from the prime number who can easily decrypt the messages
  • 24.
    CRYPTOGRAPHY RSA • The RSAalgorithm  Used both for public key encryption and digital signatures. • Major Activities  Key Generation  Encryption  Digital signing  Decryption  Signature verification
  • 25.
    CRYPTOGRAPHY RSA- Key GeneratingAlgorithm 1. Choose/generate two distinct prime numbers p and q. 2. Compute n = pq. 3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function. 4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1. 5. Determine d (1<d<phi) such that φ(n) divides ed-1. Result:  Keep all the values d, p, q and φ secret  e is known as the public key exponent  d is known as the private key exponent
  • 26.
    CRYPTOGRAPHY RSA- Encryption Sender Adoes the following  Obtains the recipient B's public key (n, e)  Represents the plaintext message as a positive integer m  Computes the cipher-text c = me mod n  Sends the cipher-text c to B RSA- Decryption Recipient B does the following  Uses his private key (n, d) to compute m = cd mod n  Extracts the plaintext from the message representative m
  • 27.
    CRYPTOGRAPHY RSA- Key GenerationSimple Example 1. Select primes p=11, q=3. 2. n = pq = 11*3 = 33 phi = (p-1)(q-1) = 10*2 = 20 3. Choose e=3 Check gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 4. Compute d (1<d<phi) such that phi divides ed-1 (20 divides 3d-1.) Simple testing (d = 2, 3 ...) gives d = 7 Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20). 5. Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7).
  • 28.
    CRYPTOGRAPHY RSA- Encryption Example Nowsay we want to encrypt the message m = 7  c = me mod n = 73 mod 33 = 343 mod 33 = 13  Hence the ciphertext c = 13 To check decryption we compute  m = cd mod n = 137 mod 33 = 7 RSA- Decryption Example Given: Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7) How do we encrypt and decrypt?
  • 29.
    CRYPTOGRAPHY RSA- More MeaningfulExample Message: ATTACKxATxSEVEN Grouping the characters into blocks of three and computing a message representative integer for each block:  ATT ACK XAT XSE VEN  In the same way that a decimal number can be represented as the sum of powers of ten, e.g. 135 = 1 x 102 + 3 x 101 + 5, we could represent our blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25 ATT = 0 x 262 + 19 x 261 + 19 = 513 ACK = 0 x 262 + 2 x 261 + 10 = 62 XAT = 23 x 262 + 0 x 261 + 19 = 15567 XSE = 23 x 262 + 18 x 261 + 4 = 16020 VEN = 21 x 262 + 4 x 261 + 13 = 14313
  • 30.
    CRYPTOGRAPHY RSA- More MeaningfulExample – Key Generation 1. We "generate" primes p=137 and q=131 2. n = pq = 137*131 = 17,947 phi = (p-1)(q-1) = 136*130 = 17680 3. Select e = 3 check gcd(e, (p-1)(q-1)) = gcd(3, 17680 ) = 1, OK 4. Compute d such that phi divides ed-1 (17680 divides 3d- 1.) Simple testing (d = 2, 3 ...) gives d = 11787 Check: ed-1 = 3* 11787 - 1 = 35,3600, which is divisible by phi (17680). 5. Hence  public key, (n, e) = (17947, 3) and  private key (n, d) = (17947, 11787).
  • 31.
    CRYPTOGRAPHY To encrypt thefirst integer that represents "ATT“ (513), we have  c = me mod n = 5133 mod 17947 = 8363 We can verify that our private key is valid by decrypting  m = cd mod n = 836311787 mod 17947 = 513 Using: Public key = (n, e) = (17947, 3) Private key = (n, d) = (17947, 11787) Overall, our plaintext is represented by the set of integers m  (513, 62, 15567, 16020, 14313)  We compute corresponding cipher text integers c = me mod n  (8363, 5017, 11884, 9546, 13366)
  • 32.
    CRYPTOGRAPHY Hash functions • Oneapplication of cryptography is the use of hash functions • A hash function H takes a message m of arbitrary length and produces a bit string h, h= H (m) • When the hash value h is sent with the message m, it enables to determine whether m has been modified or not
  • 33.
    CRYPTOGRAPHY Hash functions • Propertiesof hash functions  One-way function: It is computationally infeasible to find m that corresponds to a known output of h  It is computationally infeasible, given m and H, to find m’ ≠ m such that H(m) = H(m’)  Given H, it is computationally infeasible to find any two different input values m and m’, such that H(m) = H(m’)
  • 34.
  • 35.
    CRYPTOGRAPHY Digital Signature forMessage Integrity and Confidentiality • Principles of Digital Signature  User A signs digitally a message m using cryptographic hash of the message m with the private key of A and attach it to the message m.  Anybody can then decrypt A’s digital signature using A’s public key and compare it with the cryptographic hash of the message m to verify that m was signed by A and m was not altered.
  • 36.
    CRYPTOGRAPHY Digital Signature UsingPublic Key Cryptosystem Notation: KX - : Private key of X KX + : Public key of X • When Hanna sends her message m to Ahmed, she encrypts it with her private key Kh -(m) • If she wants to keep the message content a secret, she can use Ahmed’s public key and send Ka +(m, Kh -(m)) • Hanna is protected against modification by Ahmed since if Ahmed produces m’, he has to find Kh -(m’)
  • 37.
    CRYPTOGRAPHY Digital Signature UsingMessage Digest • H = H (m) is sent along m, where H is a cryptographic hash function • Kh -(H(m)) (or Ka +(m, Kh -(H(m)))) is sent so that Ahmed knows that it comes from Hanna by decrypting it • Ahmed hashes the message m and compares it with H that he has received from Hanna • Hash/Message Digest: Short “signature” of the message, 128–512 bits. • It is extremely improbable that unequal messages have same hash Example: MD5 (Message Digest version 5) and SHA-1
  • 38.
    CRYPTOGRAPHY Digital Signature andRSA • Recipient B does the following  Uses sender A's public key (n, e) to compute integer v = se mod n  Extracts the message digest from this integer  Independently computes the message digest of m that has been signed  If both message digests are identical, the signature is valid Signature Verification • Sender A does the following  Creates a message digest of the information to be sent  Represents this digest as an integer m  Uses his/her private key (n, d) to compute the signature s = md mod n.  Sends this signature s along with encrypted m to the recipient B.
  • 39.
    CRYPTOGRAPHY Key Distribution: VerifyingSomeone’s Public Key • Even with public-key cryptosystems and digital signatures, we still have the problem of authentication: binding users to keys. • Early days articles proposed phonebook-like database with Name and Public Key entries. • Attacker can put in his own key for someone else, and start signing fake contracts (and even checks!). • Maybe we can secure the phonebook, but then it kills the idea of keys widely and easily available (publicly) . • Problem: How secure is that database itself?
  • 40.
    CRYPTOGRAPHY Key Distribution: Problems •Distribution of a key is a difficult matter! • Solution: Certification/Certificate Authority (CA) that signs (certifies) the public key • For public key, we need a body that certifies the public key is that of the party we need to communicate with • For a symmetric cryptosystem, the initial key must be communicated along a secured channel(?)
  • 41.
    CRYPTOGRAPHY Certification • A certificateis a public key and some naming “stuff”, digitally signed by someone you trust (third party) - Certification Authority (CA). • Remark: Just because they are CAs doesn’t mean you should trust them. • The critical thing is that the name in the certificate must match the alleged name. • Common solution to public key distribution today is to have trusted third party to sign the user’s public encryption key. • Resulting certificate will contain information like user’s name/ID, user’s public key, name of CA, start date of certificate, and length of time it is valid. • User publishes certificate with the X.509 standard (for formatting certificates).
  • 42.
    CRYPTOGRAPHY Certification - AssociatedOverheads • An important issue is the longevity of certificates • Lifelong certificates are not feasible • Therefore, we need a way to revoke certificates  Certificate Revocation List (CRL) published regularly
  • 43.
    CRYPTOGRAPHY Applications – ElectronicPayment • Payment systems - based on direct payment a) Paying in cash. b) Using a check. c) Using a credit card.
  • 44.
    CRYPTOGRAPHY Applications – Readingassignment • Electronic cash • E-wallet • Credit card • Debit card
  • 45.
    CRYPTOGRAPHY Applications – Securityin Electronic Payment • General requirements  In cash based systems (using ATM), the main issue is authentication  Use of card  Electronic money  Protection against fraud  It should not be possible to use the money more than once  It should not be possible to use forged money  Credit card or check based system  No tampering/alteration  Protection against repudiation (the buyer denies having made the order)
  • 46.
    CRYPTOGRAPHY Applications – SecureElectronic Transaction (SET) • SET is the result of efforts by VISA, Mastercard, etc. to develop a standard way of purchasing goods over a network using a credit card • SET is an open standard: entire protocol is published • Dual signature is used in order to avoid  The merchant from knowing the detail of the payment information  The Bank from knowing about the order information
  • 47.
    Applications – SecureElectronic Transaction (SET) NETWORK SECURITY • Protect credit card transaction on the Internet. • Companies involved:  MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign • Not a payment system but enables users to employ the existing credit card payment infrastructure on an open network (Internet) in a secure manner. • Set of security protocols and formats. CRYPTOGRAPHY
  • 48.
    Applications: SET Services NETWORKSECURITY • Provides a secure communication channel in a transaction. • Key Features of SET:  Confidentiality of information  Integrity of data  Cardholder account authentication  Merchant authentication CRYPTOGRAPHY
  • 49.
    Application: SET Participants... NETWORK SECURITY • Customer : Authorized holder of Payment Card • Merchant: Has goods to sell to the Cardholder. • Issuer: Financial institution (such as bank) – connected with the Customer. • Acquirer: Verifies that a card account is active and the proposed purchase does not exceed the credit limit – Connected with the Merchant. • Payment gateway: Operated by the acquirer or a designated third party that processes merchant payment messages • Certification Authority: Trusted entity to issue the X.509V3 public key certificate for customers, Merchants and payment gateways. • The success of SET depends on CA. CRYPTOGRAPHY
  • 50.
    Applications: SET (Sequenceof events for transactions) NETWORK SECURITY 1. Merchant sends merchant certificate and bank certificate (encrypted with CA’s private key) 2. Customer decrypts certificates, obtains public keys 3. Customer generates order information (OI) and payment info (PI) encrypted with different session keys and dual- signed 4. Merchant sends payment request to bank encrypted with bank-merchant session key 5. Bank sends authorization request to issuing bank 6. Bank sends approval to merchant 7. Merchant sends acknowledgement to customer CRYPTOGRAPHY
  • 51.
  • 52.
    Applications: SET -Dual Signature NETWORK SECURITY • Dual signature is an important innovation by SET • Used to link two messages that are intended for two different recipients. • The customer wants to send Order Information (OI) to the merchant and Payment Information (PI) to the bank. • Merchant – Does not need to know details of customer’s payment information. • Bank – Does not need to know details of customer’s order. • Privacy!! • The two items, however, must be linked somehow to prove that the payment is intended for this order and not for some other. CRYPTOGRAPHY
  • 53.
    Applications: SET DualSignature H(OI))] || ) ( ( [ PI H H E DS c KR  CRYPTOGRAPHY
  • 54.
    Applications: SET Paymentprocessing Customer Sends Purchase Request CRYPTOGRAPHY
  • 55.
    Applications: SET Paymentprocessing Merchant Verifies Customer Purchase Request CRYPTOGRAPHY
  • 56.
    CRYPTOGRAPHY Cryptanalysis • comes fromthe Greek word kryptós, "hidden", and analýein, "to loosen" or "to untie" • It is the art of recovering original data (the plain text) that has been encrypted or turned into cipher text without having access to the correct key used in the encryption process • When new encryption algorithms are introduced, cryptanalysis determines how hard it is to break the code (study)
  • 57.
    CRYPTOGRAPHY Cryptanalysis • It isalso used to refer to any attempt to avoid the security of other types of cryptographic algorithms and protocols in general, and not just encryption. • This process is mathematically challenging and complex as cryptography. • Cryptanalysis contains various ways to achieve its goal and uses a number of attack strategies
  • 58.
    CRYPTOGRAPHY Cryptanalysis – Ciphertext-OnlyAttack • an attack model which is used by cryptanalyst in which without knowing the plain text, he works on cipher text • The intention will be to find the corresponding plain text or a key • E.g. attack on PDF data encryption using default RC4 algorithm
  • 59.
    CRYPTOGRAPHY Cryptanalysis – Known-plaintextAttack • It is an attack model (used by cryptanalyst) where both sample plaintext and cipher text is used by attacker to find out the secret key Cryptanalysis – Chosen-plaintext Attack • It is an attack model where the cryptanalyst specify his own plain text and encrypt it. • This can be used to learn characteristics about the encryption algorithm(public key algorithms) • For example he can provide an empty text, a text which consists of one ‘a’ or two ‘aa’ characters.
  • 60.
    CRYPTOGRAPHY Cryptanalysis – Bruteforce attack • A strategy used to break down passwords • It is the most common method which tries all possible permutations of the password until the correct one is found but starts cracking with the commonly used passwords(Dictionary attack) • The time required to find a password depends on: 1. How long the password is 2. How many characters are allowed in each position (upper case, lower case, numbers, special characters)
  • 61.
    CRYPTOGRAPHY Summary • Advantage ofprivate/secret key cryptography is that it provides better secrecy but needs prearranged key exchange. • Advantage of public-key cryptography is that it allows for secrecy between two parties who have not arranged in advance to have a shared key (or trusted some third party to give it to them) and the disadvantage is overhead and speed. • Therefore, in practice, hybrid systems use both!!