Computer Security and Privacy
(CS 671 – 2CrHr)
Chapter 3-Security Techniques
Department of Computer Science
School of Postgraduate Studies
Admas University
DEFINITIONS
Cryptography = the science (art) of encryption
Cryptanalysis = the science (art) of breaking encryption
Cryptology = cryptography + cryptanalysis
PURPOSE OF CRYPTOGRAPHY
• Secure stored information - regardless of whether access is obtained
• Secure transmitted information - regardless of whether the transmission has been monitored
SERVICES PROVIDED BY CRYPTOGRAPHY
• Confidentiality
– provides privacy for messages and stored data by hiding
• Message Integrity
– provides assurance to all parties that a message remains
unchanged
• Non-repudiation
– Can prove a document came from X even if X denies it
• Authentication
– identifies the origin of a message
– verifies the identity of the person using a computer system
CRYPTOGRAPHY
• Cryptography has the following components:
– Plaintext: This is what you want to encrypt.
– Ciphertext: The encrypted output.
– Enciphering or encryption: The process by which plaintext is converted into ciphertext.
– Encryption algorithm: The sequence of data processing steps that go into transforming plaintext into ciphertext.
– Secret Key: Used to set some or all of the various parameters used by the encryption algorithm.
– Deciphering or decryption: Recovering plaintext from ciphertext.
– Decryption algorithm: The sequence of data processing steps that go into transforming ciphertext back into plaintext.
KEYS
• A key can be thought of as simply
a collection of bits
• The more bits, the stronger the key
• Keys are tied to specific
encryption algorithms
• Lengths vary depending on the
encryption algorithm
– e.g. 128 bits is long for some
algorithms, but short for others
CRYPTOGRAPHY
• Encryption Overview
– Plain text is converted to cipher text by use of an algorithm and
key.
• Algorithm is publicly known
• Key is held private
– Three Main Categories
• Secret Key
– single key is used to encrypt and decrypt information
• Public/Private Key
– two keys are used: one for encryption (public key) and
one for decryption (private key)
• One-way Function
– information is encrypted to produce a “digest” of the
original information that can be used later to prove its
authenticity
ENCRYPTION
• Encryption is the process of taking
some data and a key and feeding it
into a function and getting
encrypted data out
• Encrypted data is, in principle,
unreadable unless decrypted
DECRYPTION
• Decryption is the process of
taking encrypted data and a
key and feeding it into a
function and getting out the
original data
– Encryption and decryption
functions are linked
Symmetric Encryption
• Encryption and decryption algorithms
that use the same key are called
symmetric
– In this case everyone wanting to read
encrypted data must share the same
key
• Sender and receiver have the same
secret key that will encrypt and
decrypt plain text.
• Strength of encryption technique
depends on key length
ENCRYPTION TECHNIQUES…
• Secret Key (Symmetric)
– Known symmetrical algorithms
• Data Encryption Standard (DES)
– 56 bit key
• Triple DES, DESX, GDES, RDES
– 168 bit key
• Advanced Encryption Standard (AES)
– 128-, 192- or 256-bit key sizes
• RC2, RC4, RC5
– variable length up to 2048 bits
• IDEA - basis of PGP
– 128 bit key
• Blowfish
ENCRYPTION TECHNIQUES…
Asymmetric Encryption
• Encryption and decryption algorithms that use a key pair are called asymmetric
– Keys are mathematically linked
• Most common algorithm is the RSA (Rivest Shamir Adleman) algorithm with key lengths from 512 to 1024 bits.
DES
• In 1973, the NBS (National Bureau of Standards, now called NIST -
National Institute of Standards and Technology) published a request for
an encryption algorithm that would meet the following criteria:
• have a high security level
• be easily understood
• not depend on the algorithm's confidentiality
• be adaptable and economical
• be efficient and exportable
In late 1974, IBM proposed "Lucifer", which was then modified by NSA
(National Security Agency) in 1976 to become the DES (Data Encryption
Standard). DES was approved by the NBS in 1978. The DES was
standardized by the ANSI under the name of ANSI X3.92, also known as
DEA (Data Encryption Algorithm).
DES
• DES is a block cipher, which means that during the encryption process, the plaintext is broken into fixed-length blocks of 64 bits.
• To do the encryption, DES uses a 64-bit key. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits.
• A 56-bit key gives 2^56 (≈ 7.2*10^16) possible key variations
• How does DES work?
DES
• DES was best suited for implementation in hardware, probably to discourage implementations in software, which tended to be slow by comparison at that time.
• Modern computers are so fast that satisfactory software implementations for DES are possible.
• DES is the most widely used symmetric algorithm despite questions about whether 56 bits is long enough to guarantee security.
• Using current technology, 56-bit key size is vulnerable to a brute force attack.
DES
• Cracking: The most basic method of attack for any cypher is
brute force - trying every possible key in turn.
• The length of the key determines the number of possible
keys, and hence the feasibility of the approach.
• DES is not adequate in this regard due to its key size
• In academia, various proposals for a DES-cracking machine
were advanced.
• In 1977, Diffie and Hellman proposed a machine costing an
estimated US$20 million which could find a DES key in a single day.
• By 1993, Wiener had proposed a key-search machine costing US$1
million which would find a key within 7 hours.
• However, none of these early proposals were ever
implemented.
DES
• The vulnerability of DES was practically demonstrated in
1997, when RSA Security sponsored a series of contests,
offering a $10,000 prize to the first team that broke a
message encrypted with DES for the contest. That contest
was won by the DESCHALL Project, led by Rocke Verser,
Matt Curtin, and Justin Dolske, using idle cycles of
thousands of computers across the Internet.
• The feasibility of cracking DES quickly was demonstrated
in 1998 when a custom DES-cracker was built by the
Electronic Frontier Foundation (EFF), a cyberspace civil
rights group, at the cost of approximately US$250,000. Their
motivation was to show that DES was breakable in practice
as well as in theory.
DES
• A variant of DES, Triple DES (3-DES), provides enhanced security by executing the core algorithm three times in a row.
• With a triple-length key of three 56-bit keys K1, K2 & K3, encryption is:
– Encrypt with K1
– Decrypt with K2
– Encrypt with K3
• Decryption is the reverse process:
– Decrypt with K3
– Encrypt with K2
– Decrypt with K1
• Setting K3 equal to K1 in these processes gives us a double-length key K1, K2.
• Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit) key.
• Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.
Asymmetric/Public key/ Cryptography
• Also called public-key cryptography
– keys for encryption and decryption are different but form a unique pair
– P = D_KD[E_KE(P)]
– Only one of the keys needs to be private while the other can be public
• Invented by Diffie and Hellman in 1976
• It is a revolutionary concept since it avoids the need of using a secure channel to communicate the key
• It has made cryptography available for the general public and made many of today’s on-line applications feasible
Public-key Cryptography
• Which of the encryption and decryption keys is made public depends on the use of the key
• If Hana wants to send a confidential message to Ahmed
– She encrypts the message using Ahmed’s public key
– Sends the message
– Ahmed will then decode it using his own private key
• On the other hand, if Ahmed needs to make sure that a message sent by Hana really comes from her, how can he do that?
Public-key Cryptography
• Using digital signature
– Hana has to first encrypt a digital signature using her private key
– Then encrypt the message (signature included) with Ahmed’s public key
– Sends the encrypted message to Ahmed
– Ahmed decrypts the message using his private key
– Ahmed then decrypts the signature using Hana’s public key
– If successful, he is assured that it comes from Hana
Public-key Cryptography
• Summary
– A pair of keys (private, public)
– If you have the private key, you can easily decrypt what is encrypted by the public key
– Otherwise, it is computationally infeasible to decrypt what has been encrypted by the public key
Public-key Cryptographic algorithm: RSA
• RSA is from R. Rivest, A. Shamir and L. Adleman
• Principle: No mathematical method is yet known to efficiently find the prime factors of large numbers
• In RSA, the private and public keys are constructed from very large prime numbers (consisting of hundreds of decimal digits)
• One of the keys can be made public
• Breaking RSA is equivalent to finding the prime factors for large numbers: this is known to be computationally infeasible
• It is only the person who has produced the keys from the prime numbers who can easily decrypt the messages
RSA
• The RSA algorithm
– Used both for public key encryption and digital signatures.
• Major Activities
– Key Generation
– Encryption
– Digital signing
– Decryption
– Signature verification
RSA- Key Generating Algorithm
1. Choose/generate two distinct prime numbers p and q.
2. Compute n = pq.
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1.
5. Determine d (1 < d < φ(n)) such that φ(n) divides ed – 1.
Result:
– Keep all the values d, p, q and φ secret
– e is known as the public key exponent
– d is known as the private key exponent
RSA- Encryption
Sender A does the following
– Obtains the recipient B's public key (n, e)
– Represents the plaintext message as a positive integer m
– Computes the cipher-text c = m^e mod n
– Sends the cipher-text c to B
RSA- Decryption
Recipient B does the following
– Uses his private key (n, d) to compute m = c^d mod n
– Extracts the plaintext from the message representative m
RSA- Key Generation Simple Example
1. Select primes p=11, q=3.
2. n = pq = 11*3 = 33
phi = (p-1)(q-1) = 10*2 = 20
3. Choose e=3
Check gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
4. Compute d (1<d<phi) such that phi divides ed-1 (20 divides 3d-1).
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20).
5. Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).
RSA- Encryption Example
Given: Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7)
How do we encrypt and decrypt?
Now say we want to encrypt the message m = 7
– c = m^e mod n = 7^3 mod 33 = 343 mod 33 = 13
– Hence the ciphertext c = 13
RSA- Decryption Example
To check decryption we compute
– m = c^d mod n = 13^7 mod 33 = 7
RSA- More Meaningful Example
Message: ATTACKxATxSEVEN
Grouping the characters into blocks of three and computing a message representative integer for each block:
– ATT ACK XAT XSE VEN
– In the same way that a decimal number can be represented as the sum of powers of ten, e.g. 135 = 1 x 10^2 + 3 x 10^1 + 5, we could represent our blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25
ATT = 0 x 26^2 + 19 x 26^1 + 19 = 513
ACK = 0 x 26^2 + 2 x 26^1 + 10 = 62
XAT = 23 x 26^2 + 0 x 26^1 + 19 = 15567
XSE = 23 x 26^2 + 18 x 26^1 + 4 = 16020
VEN = 21 x 26^2 + 4 x 26^1 + 13 = 14313
RSA- More Meaningful Example – Key Generation
1. We "generate" primes p=137 and q=131
2. n = pq = 137*131 = 17,947
phi = (p-1)(q-1) = 136*130 = 17680
3. Select e = 3
check gcd(e, (p-1)(q-1)) = gcd(3, 17680 ) = 1, OK
4. Compute d such that phi divides ed-1 (17680 divides 3d-1).
Simple testing (d = 2, 3 ...) gives d = 11787
Check: ed-1 = 3* 11787 - 1 = 20, which is divisible by phi
(20).
5. Hence
– public key, (n, e) = (17947, 3) and
– private key (n, d) = (17947, 11787).
To encrypt the first integer that represents "ATT" (513), we have
– c = m^e mod n = 513^3 mod 17947 = 8363
We can verify that our private key is valid by decrypting
– m = c^d mod n = 8363^11787 mod 17947 = 513
Using:
Public key = (n, e) = (17947, 3)
Private key = (n, d) = (17947, 11787)
Overall, our plaintext is represented by the set of integers m
– (513, 62, 15567, 16020, 14313)
– We compute corresponding cipher text integers c = m^e mod n
– (8363, 5017, 11884, 9546, 13366)
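The "More Meaningful Example" above, carried through end to end as an added example (not part of the original slides): base-26 block encoding, key generation from p, q and e, and encryption and decryption of every block. Function names are illustrative, and d is found with a modular inverse instead of the slides' trial search.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # A=0, B=1, ..., Z=25 as on the slide


def text_to_blocks(text, size=3):
    """Encode text as base-26 integers, `size` letters per block."""
    text = text.upper()
    if len(text) % size:
        raise ValueError("text length must be a multiple of the block size")
    blocks = []
    for i in range(0, len(text), size):
        value = 0
        for ch in text[i:i + size]:
            value = value * 26 + ALPHABET.index(ch)  # ValueError on non-letters
        blocks.append(value)
    return blocks


def blocks_to_text(blocks, size=3):
    """Inverse of text_to_blocks: peel off base-26 digits, least significant first."""
    out = []
    for value in blocks:
        letters = []
        for _ in range(size):
            value, digit = divmod(value, 26)
            letters.append(ALPHABET[digit])
        out.append("".join(reversed(letters)))
    return "".join(out)


def generate_keypair(p, q, e):
    """Steps 1-5 of the key generating algorithm; p and q are assumed prime."""
    if p == q:
        raise ValueError("p and q must be distinct")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    if (e * d - 1) % phi != 0:     # phi must divide ed - 1
        raise ArithmeticError("d is not the inverse of e modulo phi")
    return (n, e), (n, d)


def encrypt(m, public_key):
    """c = m^e mod n; the message representative must be smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message representative must be in [0, n)")
    return pow(m, e, n)


def decrypt(c, private_key):
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def demo():
    # Values from the slides: p=137, q=131, e=3, message ATTACKxATxSEVEN.
    # Three letters encode to at most 26^3 - 1 = 17575, which is below n = 17947.
    public, private = generate_keypair(137, 131, 3)
    blocks = text_to_blocks("ATTACKxATxSEVEN")
    cipher = [encrypt(m, public) for m in blocks]
    plain = blocks_to_text([decrypt(c, private) for c in cipher])
    return public, private, blocks, cipher, plain


if __name__ == "__main__":
    for item in demo():
        print(item)
```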
Hash functions
• One application of cryptography is the use of
hash functions
• A hash function H takes a message m of arbitrary
length and produces a bit string h, h= H (m)
• When the hash value h is sent with the message m, it enables the receiver to determine whether m has been modified or not
Hash functions
• Properties of hash functions
– One-way function: It is computationally infeasible to find m that corresponds to a known output h
– It is computationally infeasible, given m and H, to find m’ ≠ m such that H(m) = H(m’)
– Given H, it is computationally infeasible to find any two different input values m and m’, such that H(m) = H(m’)
Digital Signature
Digital Signature for Message Integrity and Confidentiality
• Principles of Digital Signature
– User A digitally signs a message m by encrypting the cryptographic hash of m with the private key of A and attaching the result to the message m.
– Anybody can then decrypt A’s digital signature using A’s public key and compare it with the cryptographic hash of the message m to verify that m was signed by A and m was not altered.
Digital Signature Using Public Key Cryptosystem
Notation: K_X^- : Private key of X
K_X^+ : Public key of X
• When Hanna sends her message m to Ahmed, she encrypts it with her private key: K_h^-(m)
• If she wants to keep the message content a secret, she can use Ahmed’s public key and send K_a^+(m, K_h^-(m))
• Hanna is protected against modification by Ahmed since if Ahmed produces m’, he has to find K_h^-(m’)
Digital Signature Using Message Digest
• H = H (m) is sent along m, where H is a cryptographic hash function
• K_h^-(H(m)) (or K_a^+(m, K_h^-(H(m)))) is sent so that Ahmed knows that it comes from Hanna by decrypting it
• Ahmed hashes the message m and compares it with H that he has received from Hanna
• Hash/Message Digest: Short “signature” of the message, 128–512 bits.
• It is extremely improbable that unequal messages have same hash
Example: MD5 (Message Digest version 5) and SHA-1
Digital Signature and RSA
• Sender A does the following
– Creates a message digest of the information to be sent
– Represents this digest as an integer m
– Uses his/her private key (n, d) to compute the signature s = m^d mod n.
– Sends this signature s along with encrypted m to the recipient B.
Signature Verification
• Recipient B does the following
– Uses sender A's public key (n, e) to compute integer v = s^e mod n
– Extracts the message digest from this integer
– Independently computes the message digest of m that has been signed
– If both message digests are identical, the signature is valid
Key Distribution: Verifying Someone’s Public Key
• Even with public-key cryptosystems and digital signatures, we still have the problem of authentication: binding users to keys.
• Early articles proposed a phonebook-like database with Name and Public Key entries.
• An attacker can put in his own key for someone else, and start signing fake contracts (and even checks!).
• Maybe we can secure the phonebook, but then it kills the idea of keys being widely and easily available (publicly).
• Problem: How secure is that database itself?
Key Distribution: Problems
• Distribution of a key is a difficult matter!
• Solution: Certification/Certificate Authority (CA)
that signs (certifies) the public key
• For public key, we need a body that certifies the
public key is that of the party we need to
communicate with
• For a symmetric cryptosystem, the initial key must
be communicated along a secured channel(?)
Certification
• A certificate is a public key and some naming “stuff”, digitally signed
by someone you trust (third party) - Certification Authority (CA).
• Remark: Just because they are CAs doesn’t mean you should trust them.
• The critical thing is that the name in the certificate must match the
alleged name.
• Common solution to public key distribution today is to have trusted
third party to sign the user’s public encryption key.
• Resulting certificate will contain information like user’s name/ID,
user’s public key, name of CA, start date of certificate, and length of
time it is valid.
• User publishes certificate with the X.509 standard (for formatting
certificates).
Certification - Associated Overheads
• An important issue is the longevity of certificates
• Lifelong certificates are not feasible
• Therefore, we need a way to revoke certificates
– Certificate Revocation List (CRL) published regularly
Applications – Electronic Payment
• Payment systems - based on direct payment
a) Paying in cash.
b) Using a check.
c) Using a credit card.
Applications – Reading assignment
• Electronic cash
• E-wallet
• Credit card
• Debit card
Applications – Security in Electronic Payment
• General requirements
– In cash based systems (using ATM), the main issue is authentication
  – Use of card
– Electronic money
  – Protection against fraud
  – It should not be possible to use the money more than once
  – It should not be possible to use forged money
– Credit card or check based system
  – No tampering/alteration
  – Protection against repudiation (the buyer denies having made the order)
Applications – Secure Electronic Transaction (SET)
• SET is the result of efforts by VISA, Mastercard, etc. to develop a standard way of purchasing goods over a network using a credit card
• SET is an open standard: entire protocol is published
• Dual signature is used in order to prevent
– The merchant from knowing the detail of the payment information
– The Bank from knowing about the order information
Applications – Secure Electronic Transaction (SET)
• Protect credit card transaction on the Internet.
• Companies involved:
– MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign
• Not a payment system but enables users to employ the existing credit card payment infrastructure on an open network (Internet) in a secure manner.
• Set of security protocols and formats.
Applications: SET Services
• Provides a secure communication channel in a transaction.
• Key Features of SET:
– Confidentiality of information
– Integrity of data
– Cardholder account authentication
– Merchant authentication
Application: SET Participants ...
• Customer : Authorized holder of Payment Card
• Merchant: Has goods to sell to the Cardholder.
• Issuer: Financial institution (such as bank) – connected with
the Customer.
• Acquirer: Verifies that a card account is active and the
proposed purchase does not exceed the credit limit –
Connected with the Merchant.
• Payment gateway: Operated by the acquirer or a designated
third party that processes merchant payment messages
• Certification Authority: Trusted entity to issue the X.509V3
public key certificate for customers, Merchants and payment
gateways.
• The success of SET depends on CA.
Applications: SET (Sequence of events for transactions)
1. Merchant sends merchant certificate and bank certificate
(encrypted with CA’s private key)
2. Customer decrypts certificates, obtains public keys
3. Customer generates order information (OI) and payment
info (PI) encrypted with different session keys and dual-
signed
4. Merchant sends payment request to bank encrypted with
bank-merchant session key
5. Bank sends authorization request to issuing bank
6. Bank sends approval to merchant
7. Merchant sends acknowledgement to customer
Applications: SET Participants
Applications: SET - Dual Signature
• Dual signature is an important innovation by SET
• Used to link two messages that are intended for two different
recipients.
• The customer wants to send Order Information (OI) to the
merchant and Payment Information (PI) to the bank.
• Merchant – Does not need to know details of customer’s
payment information.
• Bank – Does not need to know details of customer’s order.
• Privacy!!
• The two items, however, must be linked somehow to prove
that the payment is intended for this order and not for some
other.
Applications: SET Dual Signature
DS = E_KRc[H(H(PI) || H(OI))]
Applications: SET Payment processing
Customer Sends Purchase Request
Applications: SET Payment processing
Merchant Verifies Customer Purchase Request
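The hash-then-sign flow from the "Digital Signature and RSA" slide and the SET dual signature DS = E_KRc[H(H(PI) || H(OI))], as an added example that is not part of the original slides. SHA-256, the fixed demo key built from two Mersenne primes, the function names and the sample OI/PI strings are assumptions made for illustration; signing is textbook RSA on the digest, as on the slides.

```python
import hashlib

# Constructed demo key (assumption): two known Mersenne primes, so the block
# runs offline without prime generation. Their special form makes them
# unsuitable for any real key.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def md(data: bytes) -> bytes:
    """Message digest H(data); SHA-256 is chosen here as an assumption."""
    return hashlib.sha256(data).digest()


def as_int(digest: bytes) -> int:
    """Represent a digest as the integer m used in s = m^d mod n."""
    return int.from_bytes(digest, "big")


def sign(message: bytes) -> int:
    """Sender A: s = H(message)^d mod n."""
    return pow(as_int(md(message)), D, N)


def verify(message: bytes, s: int) -> bool:
    """Recipient B: v = s^e mod n, compared with an independent digest."""
    return pow(s, E, N) == as_int(md(message))


def dual_sign(pi: bytes, oi: bytes) -> int:
    """Customer: DS = E_KRc[H(H(PI) || H(OI))]."""
    pomd = md(md(pi) + md(oi))
    return pow(as_int(pomd), D, N)


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees OI and only the digest H(PI), never PI itself."""
    pomd = md(pimd + md(oi))
    return pow(ds, E, N) == as_int(pomd)


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank sees PI and only the digest H(OI), never OI itself."""
    pomd = md(md(pi) + oimd)
    return pow(ds, E, N) == as_int(pomd)


def demo():
    # Constructed sample data, not from the slides.
    oi = b"order=1001;item=widget;qty=2"
    pi = b"card=XXXX-XXXX-XXXX-0000;amount=40.00"
    other_oi = b"order=1002;item=gold-bar;qty=9"

    s = sign(oi)
    ds = dual_sign(pi, oi)
    return {
        "plain_signature_ok": verify(oi, s),
        "plain_signature_tampered": verify(other_oi, s),
        "merchant_ok": merchant_verify(oi, md(pi), ds),
        "bank_ok": bank_verify(pi, md(oi), ds),
        # Payment re-attached to a different order: the link is broken.
        "bank_with_other_order": bank_verify(pi, md(other_oi), ds),
        "merchant_with_other_order": merchant_verify(other_oi, md(pi), ds),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Each party checks the same signature while holding only a digest of the half it is not meant to read, which is how the order and payment stay linked without being disclosed to both.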
Cryptanalysis
• comes from the Greek words kryptós, "hidden", and analýein, "to loosen" or "to untie"
• It is the art of recovering original data (the
plain text) that has been encrypted or turned into
cipher text without having access to the correct key
used in the encryption process
• When new encryption algorithms are introduced,
cryptanalysis determines how hard it is to break the
code (study)
Cryptanalysis
• It is also used to refer to any attempt to circumvent the security of other types of cryptographic algorithms and protocols in general, and not just encryption.
• This process is as mathematically challenging and complex as cryptography.
• Cryptanalysis contains various ways to achieve its goal and uses a number of attack strategies
Cryptanalysis – Ciphertext-Only Attack
• An attack model in which the cryptanalyst works on the cipher text alone, without knowing the plain text
• The intention will be to find the corresponding plain text or a key
• E.g. attack on PDF data encryption using default RC4 algorithm
Cryptanalysis – Known-plaintext Attack
• It is an attack model (used by the cryptanalyst) where both sample plaintext and cipher text are used by the attacker to find out the secret key
Cryptanalysis – Chosen-plaintext Attack
• It is an attack model where the cryptanalyst specifies his own plain text and encrypts it.
• This can be used to learn characteristics about the encryption algorithm (public key algorithms)
• For example he can provide an empty text, a text which consists of one ‘a’ or two ‘aa’ characters.
Cryptanalysis – Brute force attack
• A strategy used to break down passwords
• It is the most common method, which tries all possible permutations of the password until the correct one is found but starts cracking with the commonly used passwords (Dictionary attack)
• The time required to find a password depends on:
1. How long the password is
2. How many characters are allowed in each position (upper case, lower case, numbers, special characters)
Summary
• Advantage of private/secret key cryptography is that
it provides better secrecy but needs prearranged key
exchange.
• Advantage of public-key cryptography is that it
allows for secrecy between two parties who have not
arranged in advance to have a shared key (or trusted
some third party to give it to them) and the
disadvantage is overhead and speed.
• Therefore, in practice, hybrid systems use both!!

 

Security - ch3.pptx

  • 1. Computer Security and Privacy (CS 671 – 2CrHr) Chapter 3-Security Techniques Department of Computer Science School of Postgraduate Studies Admas University
  • 2. Cryptography = the science (art) of encryption Cryptanalysis = the science (art) of breaking encryption Cryptology = cryptography + cryptanalysis DEFINITIONS
  • 3. PURPOSE OF CRYPTOGRAPHY • Secure stored information - regardless of whether access is obtained • Secure transmitted information - regardless of whether the transmission has been monitored
  • 4. SERVICES PROVIDED BY CRYPTOGRAPHY • Confidentiality – provides privacy for messages and stored data by hiding • Message Integrity – provides assurance to all parties that a message remains unchanged • Non-repudiation – can prove a document came from X even if X denies it • Authentication – identifies the origin of a message – verifies the identity of the person using a computer system
  • 5. CRYPTOGRAPHY • Cryptography has the following components: - Plaintext: This is what you want to encrypt. - Ciphertext: The encrypted output. - Enciphering or encryption: The process by which plaintext is converted into ciphertext. - Encryption algorithm: The sequence of data processing steps that go into transforming plaintext into ciphertext. - Secret key: Used to set some or all of the various parameters used by the encryption algorithm. - Deciphering or decryption: Recovering plaintext from ciphertext. - Decryption algorithm: The sequence of data processing steps that go into transforming ciphertext back into plaintext.
  • 6. KEYS • A key can be thought of as simply a collection of bits • The more bits, the stronger the key • Keys are tied to specific encryption algorithms • Lengths vary depending on the encryption algorithm – e.g. 128 bits is long for some algorithms, but short for others
  • 7. CRYPTOGRAPHY • Encryption Overview – Plain text is converted to cipher text by use of an algorithm and key. • Algorithm is publicly known • Key is held private – Three Main Categories • Secret Key – single key is used to encrypt and decrypt information • Public/Private Key – two keys are used: one for encryption (public key) and one for decryption (private key) • One-way Function – information is encrypted to produce a “digest” of the original information that can be used later to prove its authenticity
  • 8. ENCRYPTION • Encryption is the process of taking some data and a key, feeding them into a function, and getting encrypted data out • Encrypted data is, in principle, unreadable unless decrypted
  • 9. DECRYPTION • Decryption is the process of taking encrypted data and a key, feeding them into a function, and getting out the original data – Encryption and decryption functions are linked
  • 10. ENCRYPTION TECHNIQUES Symmetric Encryption • Encryption and decryption algorithms that use the same key are called symmetric – In this case everyone wanting to read encrypted data must share the same key • Sender and receiver have the same secret key that will encrypt and decrypt plain text. • Strength of encryption technique depends on key length
  • 11. ENCRYPTION TECHNIQUES… • Secret Key (Symmetric) – Known symmetrical algorithms • Data Encryption Standard (DES) – 56 bit key • Triple DES, DESX, GDES, RDES – 168 bit key • Advanced Encryption Standard (AES) – 128, 192, 256 bit key sizes • RC2, RC4, RC5 – variable length up to 2048 bits • IDEA - basis of PGP – 128 bit key • Blowfish
  • 12. ENCRYPTION TECHNIQUES… Asymmetric Encryption • Encryption and decryption algorithms that use a key pair are called asymmetric – Keys are mathematically linked • Most common algorithm is the RSA (Rivest Shamir Adleman) algorithm with key lengths from 512 to 1024 bits.
  • 13. CRYPTOGRAPHY DES • In 1973, the NBS (National Bureau of Standards, now called NIST - National Institute of Standards and Technology) published a request for an encryption algorithm that would meet the following criteria: • have a high security level • be easily understood • not depend on the algorithm's confidentiality • be adaptable and economical • be efficient and exportable In late 1974, IBM proposed "Lucifer", which was then modified by NSA (National Security Agency) in 1976 to become the DES (Data Encryption Standard). DES was approved by the NBS in 1978. The DES was standardized by the ANSI under the name of ANSI X3.92, also known as DEA (Data Encryption Algorithm).
  • 14. CRYPTOGRAPHY DES • DES is a block cipher, which means that during the encryption process the plaintext is broken into fixed-length blocks of 64 bits. • To do the encryption, DES uses a 64-bit key. However, every 8th key bit is ignored in the DES algorithm, so the effective key size is 56 bits. • A 56-bit key gives 2^56 (≈ 7.2*10^16) possible key variations • How does DES work?
  • 15. CRYPTOGRAPHY DES • DES was best suited for implementation in hardware, probably to discourage implementations in software, which tended to be slow by comparison at that time. • Modern computers are so fast that satisfactory software implementations of DES are possible. • DES is the most widely used symmetric algorithm despite doubts about whether 56 bits is long enough to guarantee security. • Using current technology, a 56-bit key is vulnerable to a brute force attack.
  • 16. CRYPTOGRAPHY DES • Cracking: The most basic method of attack for any cipher is brute force - trying every possible key in turn. • The length of the key determines the number of possible keys, and hence the feasibility of the approach. • DES is not adequate in this regard due to its key size • In academia, various proposals for a DES-cracking machine were advanced. • In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. • By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. • However, none of these early proposals were ever implemented.
  • 17. CRYPTOGRAPHY DES • The vulnerability of DES was practically demonstrated in 1997, when RSA Security sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the DESCHALL Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using idle cycles of thousands of computers across the Internet. • The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the Electronic Frontier Foundation (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000. Their motivation was to show that DES was breakable in practice as well as in theory.
  • 18. CRYPTOGRAPHY DES • A variant of DES, Triple DES (3-DES), provides enhanced security by executing the core algorithm three times in a row. • With a triple-length key of three 56-bit keys K1, K2 & K3, encryption is: – Encrypt with K1 – Decrypt with K2 – Encrypt with K3 • Decryption is the reverse process: – Decrypt with K3 – Encrypt with K2 – Decrypt with K1 • Setting K3 equal to K1 in these processes gives us a double-length key K1, K2. • Setting K1, K2 and K3 all equal to K has the same effect as using a single-length (56-bit) key. • Thus it is possible for a system using triple-DES to be compatible with a system using single-DES.
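The encrypt-decrypt-encrypt (EDE) construction on slide 18 can be checked in code. The sketch below is an added example, not part of the original slides: it uses a toy 64-bit Feistel cipher as a stand-in for DES (an assumption, since the Python standard library has no DES), and the function `nominal_key_bits` is a hypothetical helper that goes slightly beyond the slide by also flagging the K1 = K2 and K2 = K3 cases, which collapse to a single encryption as well.

```python
import hashlib

ROUNDS = 16            # DES also uses 16 Feistel rounds
MASK32 = 0xFFFFFFFF    # the toy cipher works on two 32-bit halves (64-bit block)

def _round_keys(key):
    """Derive one 32-bit round key per round from a 56-bit key (toy schedule, not DES's)."""
    raw = key.to_bytes(7, "big")
    return [int.from_bytes(hashlib.sha256(raw + bytes([r])).digest()[:4], "big")
            for r in range(ROUNDS)]

def _f(half, round_key):
    """Toy round function; a Feistel network is invertible whatever f is."""
    mixed = (half ^ round_key).to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(mixed).digest()[:4], "big")

def _feistel(block, round_keys):
    left, right = block >> 32, block & MASK32
    for rk in round_keys:
        left, right = right, left ^ _f(right, rk)
    # Final swap: decryption is the same walk with the round keys reversed.
    return (right << 32) | left

def encrypt(block, key):
    return _feistel(block, _round_keys(key))

def decrypt(block, key):
    return _feistel(block, _round_keys(key)[::-1])

def ede_encrypt(block, k1, k2, k3):
    """Encrypt with K1, decrypt with K2, encrypt with K3."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def ede_decrypt(block, k1, k2, k3):
    """Decrypt with K3, encrypt with K2, decrypt with K1."""
    return decrypt(encrypt(decrypt(block, k3), k2), k1)

def nominal_key_bits(k1, k2, k3):
    """Nominal key length of a key bundle (hypothetical helper for config checks)."""
    if k1 == k2 or k2 == k3:
        return 56      # the inner E/D pair cancels: one encryption is left
    if k1 == k3:
        return 112     # double-length key K1, K2
    return 168         # triple-length key K1, K2, K3

# Constructed sample values (56-bit keys, one 64-bit block).
K1, K2, K3 = 0x0123456789ABCD, 0x23456789ABCDEF, 0x456789ABCDEF01
BLOCK = 0x0123456789ABCDEF

if __name__ == "__main__":
    legacy = ede_encrypt(BLOCK, K1, K1, K1)
    print("K1=K2=K3 matches single encryption:", legacy == encrypt(BLOCK, K1))
    print("nominal bits for (K1, K2, K3):", nominal_key_bits(K1, K2, K3))
```

A deployment that accepts key bundles from configuration can use a check like `nominal_key_bits` to reject bundles that silently fall back to single-key strength.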
  • 19. CRYPTOGRAPHY Asymmetric (Public-key) Cryptography • Also called public-key cryptography – keys for encryption and decryption are different but form a unique pair – P = D_KD[E_KE(P)] – Only one of the keys needs to be private while the other can be public • Invented by Diffie and Hellman in 1976 • It is a revolutionary concept since it avoids the need for a secure channel to communicate the key • It has made cryptography available to the general public and made many of today’s on-line applications feasible
  • 20. CRYPTOGRAPHY Public-key Cryptography • Which of the encryption or decryption keys is made public depends on the use of the key • If Hana wants to send a confidential message to Ahmed – She encrypts the message using Ahmed’s public key – Sends the message – Ahmed then decodes it using his own private key • On the other hand, if Ahmed needs to make sure that a message sent by Hana really comes from her, how can he do that?
  • 21. CRYPTOGRAPHY Public-key Cryptography • Using digital signature – Hana first encrypts a digital signature using her private key – She then encrypts the message (signature included) with Ahmed’s public key – She sends the encrypted message to Ahmed – Ahmed decrypts the message using his private key – Ahmed then decrypts the signature using Hana’s public key – If successful, he is assured that it comes from Hana
  • 22. CRYPTOGRAPHY Public-key Cryptography • Summary – A pair of keys (private, public) – If you have the private key, you can easily decrypt what is encrypted by the public key – Otherwise, it is computationally infeasible to decrypt what has been encrypted by the public key
  • 23. CRYPTOGRAPHY Public-key Cryptographic algorithm: RSA • RSA is from R. Rivest, A. Shamir and L. Adleman • Principle: No mathematical method is yet known to efficiently find the prime factors of large numbers • In RSA, the private and public keys are constructed from very large prime numbers (consisting of hundreds of decimal digits) • One of the keys can be made public • Breaking RSA is equivalent to finding the prime factors of large numbers: this is known to be computationally infeasible • Only the person who has produced the keys from the prime numbers can easily decrypt the messages
  • 24. CRYPTOGRAPHY RSA • The RSA algorithm – Used both for public key encryption and digital signatures. • Major Activities – Key Generation – Encryption – Digital signing – Decryption – Signature verification
  • 25. CRYPTOGRAPHY RSA- Key Generating Algorithm 1. Choose/generate two distinct prime numbers p and q. 2. Compute n = pq. 3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function. 4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1. 5. Determine d (1 < d < φ(n)) such that φ(n) divides ed – 1. Result: – Keep all the values d, p, q and φ(n) secret – e is known as the public key exponent – d is known as the private key exponent
  • 26. CRYPTOGRAPHY RSA- Encryption Sender A does the following – Obtains the recipient B's public key (n, e) – Represents the plaintext message as a positive integer m – Computes the cipher-text c = m^e mod n – Sends the cipher-text c to B RSA- Decryption Recipient B does the following – Uses his private key (n, d) to compute m = c^d mod n – Extracts the plaintext from the message representative m
  • 27. CRYPTOGRAPHY RSA- Key Generation Simple Example 1. Select primes p=11, q=3. 2. n = pq = 11*3 = 33, phi = (p-1)(q-1) = 10*2 = 20 3. Choose e=3. Check gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 4. Compute d (1<d<phi) such that phi divides ed-1 (20 divides 3d-1). Simple testing (d = 2, 3 ...) gives d = 7. Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20). 5. Public key = (n, e) = (33, 3), Private key = (n, d) = (33, 7).
  • 28. CRYPTOGRAPHY RSA- Encryption and Decryption Example Given: Public key = (n, e) = (33, 3), Private key = (n, d) = (33, 7). How do we encrypt and decrypt? • Encryption: say we want to encrypt the message m = 7 – c = m^e mod n = 7^3 mod 33 = 343 mod 33 = 13 – Hence the ciphertext c = 13 • Decryption: to check decryption we compute – m = c^d mod n = 13^7 mod 33 = 7
  • 29. CRYPTOGRAPHY RSA- More Meaningful Example Message: ATTACKxATxSEVEN. Grouping the characters into blocks of three and computing a message representative integer for each block: – ATT ACK XAT XSE VEN – In the same way that a decimal number can be represented as the sum of powers of ten, e.g. 135 = 1 x 10^2 + 3 x 10^1 + 5, we could represent our blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25: ATT = 0 x 26^2 + 19 x 26^1 + 19 = 513; ACK = 0 x 26^2 + 2 x 26^1 + 10 = 62; XAT = 23 x 26^2 + 0 x 26^1 + 19 = 15567; XSE = 23 x 26^2 + 18 x 26^1 + 4 = 16020; VEN = 21 x 26^2 + 4 x 26^1 + 13 = 14313
  • 30. CRYPTOGRAPHY RSA- More Meaningful Example – Key Generation 1. We "generate" primes p=137 and q=131 2. n = pq = 137*131 = 17,947, phi = (p-1)(q-1) = 136*130 = 17680 3. Select e = 3, check gcd(e, (p-1)(q-1)) = gcd(3, 17680) = 1, OK 4. Compute d such that phi divides ed-1 (17680 divides 3d-1). Simple testing (d = 2, 3 ...) gives d = 11787. Check: ed-1 = 3*11787 - 1 = 35360, which is divisible by phi (17680). 5. Hence – public key (n, e) = (17947, 3) and – private key (n, d) = (17947, 11787).
  • 31. CRYPTOGRAPHY Using: Public key = (n, e) = (17947, 3), Private key = (n, d) = (17947, 11787). To encrypt the first integer that represents "ATT" (513), we have – c = m^e mod n = 513^3 mod 17947 = 8363 We can verify that our private key is valid by decrypting – m = c^d mod n = 8363^11787 mod 17947 = 513 Overall, our plaintext is represented by the set of integers m – (513, 62, 15567, 16020, 14313) – We compute the corresponding cipher text integers c = m^e mod n – (8363, 5017, 11884, 9546, 13366)
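The key generation, base-26 block encoding and encryption steps of slides 25 to 31 can be run end to end with the slides' own numbers. This is an added example, not code from the original deck; the function names are assumptions chosen for illustration, and it is textbook RSA without padding.

```python
from math import gcd

def keygen(p, q, e):
    """Slide 25: n = pq, phi = (p-1)(q-1), d such that phi divides e*d - 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encode_blocks(text, size=3):
    """Slide 29: letters A=0 .. Z=25, each block read as a base-26 number."""
    letters = text.upper()
    if len(letters) % size:
        raise ValueError("message length must be a multiple of the block size")
    blocks = []
    for i in range(0, len(letters), size):
        value = 0
        for ch in letters[i:i + size]:
            if not "A" <= ch <= "Z":
                raise ValueError("only the letters A-Z can be encoded")
            value = value * 26 + (ord(ch) - ord("A"))
        blocks.append(value)
    return blocks

def decode_blocks(blocks, size=3):
    """Inverse of encode_blocks: peel off base-26 digits, least significant first."""
    out = []
    for value in blocks:
        chars = []
        for _ in range(size):
            value, digit = divmod(value, 26)
            chars.append(chr(ord("A") + digit))
        out.append("".join(reversed(chars)))
    return "".join(out)

def encrypt(public_key, blocks):
    """Slide 26: c = m^e mod n for every message representative m."""
    n, e = public_key
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("every block must be smaller than n")
    return [pow(m, e, n) for m in blocks]

def decrypt(private_key, blocks):
    """Slide 26: m = c^d mod n."""
    n, d = private_key
    return [pow(c, d, n) for c in blocks]

if __name__ == "__main__":
    public, private = keygen(137, 131, 3)          # slide 30
    plain = encode_blocks("ATTACKxATxSEVEN")       # slide 29
    cipher = encrypt(public, plain)                # slide 31
    print("keys:", public, private)
    print("m:", plain)
    print("c:", cipher)
    print("decrypted:", decode_blocks(decrypt(private, cipher)))
```

Because nothing random enters the computation, the same block always encrypts to the same integer, and with three-letter blocks there are only 26^3 = 17576 possible plaintext blocks; real RSA encryption adds randomized padding and uses far larger primes.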
  • 32. CRYPTOGRAPHY Hash functions • One application of cryptography is the use of hash functions • A hash function H takes a message m of arbitrary length and produces a bit string h, h = H(m) • When the hash value h is sent with the message m, it enables the receiver to determine whether m has been modified or not
  • 33. CRYPTOGRAPHY Hash functions • Properties of hash functions – One-way function: It is computationally infeasible to find m that corresponds to a known output h – It is computationally infeasible, given m and H, to find m’ ≠ m such that H(m) = H(m’) – Given H, it is computationally infeasible to find any two different input values m and m’ such that H(m) = H(m’)
  • 35. CRYPTOGRAPHY Digital Signature for Message Integrity and Confidentiality • Principles of Digital Signature – User A digitally signs a message m by encrypting the cryptographic hash of m with A's private key and attaching the result to m. – Anybody can then decrypt A’s digital signature using A’s public key and compare it with the cryptographic hash of the message m to verify that m was signed by A and that m was not altered.
  • 36. CRYPTOGRAPHY Digital Signature Using Public Key Cryptosystem Notation: K_X^- : private key of X; K_X^+ : public key of X • When Hanna sends her message m to Ahmed, she encrypts it with her private key: K_h^-(m) • If she wants to keep the message content secret, she can use Ahmed’s public key and send K_a^+(m, K_h^-(m)) • Hanna is protected against modification by Ahmed, since if Ahmed produces m’, he has to find K_h^-(m’)
  • 37. CRYPTOGRAPHY Digital Signature Using Message Digest • H = H(m) is sent along with m, where H is a cryptographic hash function • K_h^-(H(m)) (or K_a^+(m, K_h^-(H(m)))) is sent so that Ahmed knows that it comes from Hanna by decrypting it • Ahmed hashes the message m and compares it with the H that he has received from Hanna • Hash/Message Digest: Short “signature” of the message, 128–512 bits. • It is extremely improbable that unequal messages have the same hash. Example: MD5 (Message Digest version 5) and SHA-1
  • 38. CRYPTOGRAPHY Digital Signature and RSA • Sender A does the following – Creates a message digest of the information to be sent – Represents this digest as an integer m – Uses his/her private key (n, d) to compute the signature s = m^d mod n – Sends this signature s along with the encrypted m to the recipient B Signature Verification • Recipient B does the following – Uses sender A's public key (n, e) to compute the integer v = s^e mod n – Extracts the message digest from this integer – Independently computes the message digest of m that has been signed – If both message digests are identical, the signature is valid
  • 39. CRYPTOGRAPHY Key Distribution: Verifying Someone’s Public Key • Even with public-key cryptosystems and digital signatures, we still have the problem of authentication: binding users to keys. • Early articles proposed a phonebook-like database with Name and Public Key entries. • An attacker can put in his own key for someone else, and start signing fake contracts (and even checks!). • Maybe we can secure the phonebook, but then it kills the idea of keys being widely and easily available (publicly). • Problem: How secure is that database itself?
  • 40. CRYPTOGRAPHY Key Distribution: Problems • Distribution of a key is a difficult matter! • Solution: Certification/Certificate Authority (CA) that signs (certifies) the public key • For a public key, we need a body that certifies the public key is that of the party we need to communicate with • For a symmetric cryptosystem, the initial key must be communicated along a secured channel(?)
  • 41. CRYPTOGRAPHY Certification • A certificate is a public key and some naming “stuff”, digitally signed by someone you trust (third party) - Certification Authority (CA). • Remark: Just because they are CAs doesn’t mean you should trust them. • The critical thing is that the name in the certificate must match the alleged name. • The common solution to public key distribution today is to have a trusted third party sign the user’s public encryption key. • The resulting certificate will contain information like the user’s name/ID, the user’s public key, the name of the CA, the start date of the certificate, and the length of time it is valid. • The user publishes the certificate with the X.509 standard (for formatting certificates).
  • 42. CRYPTOGRAPHY Certification - Associated Overheads • An important issue is the longevity of certificates • Lifelong certificates are not feasible • Therefore, we need a way to revoke certificates – Certificate Revocation List (CRL) published regularly
  • 43. CRYPTOGRAPHY Applications – Electronic Payment • Payment systems - based on direct payment a) Paying in cash. b) Using a check. c) Using a credit card.
  • 44. CRYPTOGRAPHY Applications – Reading assignment • Electronic cash • E-wallet • Credit card • Debit card
  • 45. CRYPTOGRAPHY Applications – Security in Electronic Payment • General requirements – In cash based systems (using ATM), the main issue is authentication – Use of card – Electronic money – Protection against fraud – It should not be possible to use the money more than once – It should not be possible to use forged money – Credit card or check based system – No tampering/alteration – Protection against repudiation (the buyer denies having made the order)
  • 46. CRYPTOGRAPHY Applications – Secure Electronic Transaction (SET) • SET is the result of efforts by VISA, Mastercard, etc. to develop a standard way of purchasing goods over a network using a credit card • SET is an open standard: the entire protocol is published • Dual signature is used in order to prevent – The merchant from knowing the detail of the payment information – The bank from knowing about the order information
  • 47. CRYPTOGRAPHY Applications – Secure Electronic Transaction (SET) • Protects credit card transactions on the Internet. • Companies involved: – MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign • Not a payment system, but enables users to employ the existing credit card payment infrastructure on an open network (Internet) in a secure manner. • Set of security protocols and formats.
  • 48. CRYPTOGRAPHY Applications: SET Services • Provides a secure communication channel in a transaction. • Key Features of SET: – Confidentiality of information – Integrity of data – Cardholder account authentication – Merchant authentication
  • 49. CRYPTOGRAPHY Application: SET Participants ... • Customer: Authorized holder of a payment card • Merchant: Has goods to sell to the cardholder. • Issuer: Financial institution (such as a bank) – connected with the customer. • Acquirer: Verifies that a card account is active and the proposed purchase does not exceed the credit limit – connected with the merchant. • Payment gateway: Operated by the acquirer or a designated third party that processes merchant payment messages • Certification Authority: Trusted entity that issues the X.509V3 public key certificates for customers, merchants and payment gateways. • The success of SET depends on the CA.
  • 50. CRYPTOGRAPHY Applications: SET (Sequence of events for transactions) 1. Merchant sends merchant certificate and bank certificate (encrypted with CA’s private key) 2. Customer decrypts certificates, obtains public keys 3. Customer generates order information (OI) and payment info (PI) encrypted with different session keys and dual-signed 4. Merchant sends payment request to bank encrypted with bank-merchant session key 5. Bank sends authorization request to issuing bank 6. Bank sends approval to merchant 7. Merchant sends acknowledgement to customer
  • 51. CRYPTOGRAPHY Applications: SET Participants [figure]
  • 52. CRYPTOGRAPHY Applications: SET - Dual Signature • Dual signature is an important innovation by SET • Used to link two messages that are intended for two different recipients. • The customer wants to send Order Information (OI) to the merchant and Payment Information (PI) to the bank. • Merchant – Does not need to know details of the customer’s payment information. • Bank – Does not need to know details of the customer’s order. • Privacy!! • The two items, however, must be linked somehow to prove that the payment is intended for this order and not for some other.
  • 53. CRYPTOGRAPHY Applications: SET Dual Signature DS = E_KRc[H(H(PI) || H(OI))]
  • 54. CRYPTOGRAPHY Applications: SET Payment processing – Customer Sends Purchase Request [figure]
  • 55. CRYPTOGRAPHY Applications: SET Payment processing – Merchant Verifies Customer Purchase Request [figure]
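The hash-then-sign procedure of slides 37 and 38 and the dual signature DS = E_KRc[H(H(PI) || H(OI))] of slides 52 and 53 can be followed in one short program. This is an added example, not part of the original slides or of the SET specification: it assumes SHA-256 in place of the MD5/SHA-1 named on slide 37, a toy customer key built from two Mersenne primes, and a digest reduced mod n instead of padded; all function names and sample messages are constructed for illustration.

```python
import hashlib

# Toy customer key pair (assumption: far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes
N, E = P * Q, 65537                  # public key  KUc = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # private key KRc = (N, D)

def H(data):
    """Message digest (SHA-256 here)."""
    return hashlib.sha256(data).digest()

def _as_int(digest):
    """Represent a digest as an integer below N (toy reduction, no padding)."""
    return int.from_bytes(digest, "big") % N

def sign(digest):
    """Slide 38, sender: s = m^d mod n, where m represents the digest."""
    return pow(_as_int(digest), D, N)

def verify(digest, signature):
    """Slide 38, recipient: v = s^e mod n must equal the recomputed digest."""
    return pow(signature, E, N) == _as_int(digest)

def dual_sign(pi, oi):
    """Customer: DS = E_KRc[H(H(PI) || H(OI))]; returns DS, PIMD and OIMD."""
    pimd, oimd = H(pi), H(oi)
    return sign(H(pimd + oimd)), pimd, oimd

def merchant_check(oi, pimd, ds):
    """Merchant sees OI and only the digest of PI."""
    return verify(H(pimd + H(oi)), ds)

def bank_check(pi, oimd, ds):
    """Bank sees PI and only the digest of OI."""
    return verify(H(H(pi) + oimd), ds)

# Constructed sample messages.
OI = b"order 1001: 2 x textbook, total 40.00"
PI = b"card XXXX-XXXX-XXXX-0000, amount 40.00"

if __name__ == "__main__":
    ds, pimd, oimd = dual_sign(PI, OI)
    print("merchant accepts:", merchant_check(OI, pimd, ds))
    print("bank accepts:", bank_check(PI, oimd, ds))
    swapped = b"order 1002: 1 x laptop, total 900.00"
    print("merchant accepts a different order:", merchant_check(swapped, pimd, ds))
```

Neither recipient sees the other party's data, yet a payment presented with the digest of a different order fails verification, which is the linkage slide 52 asks for.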
  • 56. CRYPTOGRAPHY Cryptanalysis • Comes from the Greek words kryptós, "hidden", and analýein, "to loosen" or "to untie" • It is the art of recovering original data (the plain text) that has been encrypted or turned into cipher text, without having access to the correct key used in the encryption process • When new encryption algorithms are introduced, cryptanalysis determines how hard it is to break the code (study)
  • 57. CRYPTOGRAPHY Cryptanalysis • It is also used to refer to any attempt to circumvent the security of other types of cryptographic algorithms and protocols in general, and not just encryption. • This process is as mathematically challenging and complex as cryptography. • Cryptanalysis contains various ways to achieve its goal and uses a number of attack strategies
  • 58. CRYPTOGRAPHY Cryptanalysis – Ciphertext-Only Attack • An attack model in which the cryptanalyst works on the cipher text without knowing the plain text • The intention is to find the corresponding plain text or the key • E.g. attack on PDF data encryption using the default RC4 algorithm
  • 59. CRYPTOGRAPHY Cryptanalysis – Known-plaintext Attack • It is an attack model (used by cryptanalysts) where both sample plaintext and cipher text are used by the attacker to find out the secret key Cryptanalysis – Chosen-plaintext Attack • It is an attack model where the cryptanalyst specifies his own plain text and encrypts it. • This can be used to learn characteristics of the encryption algorithm (public key algorithms) • For example, he can provide an empty text, or a text which consists of one ‘a’ or two ‘aa’ characters.
  • 60. CRYPTOGRAPHY Cryptanalysis – Brute force attack • A strategy used to break passwords • It is the most common method, which tries all possible permutations of the password until the correct one is found, but starts cracking with commonly used passwords (dictionary attack) • The time required to find a password depends on: 1. How long the password is 2. How many characters are allowed in each position (upper case, lower case, numbers, special characters)
  • 61. CRYPTOGRAPHY Summary • Advantage of private/secret key cryptography is that it provides better secrecy but needs prearranged key exchange. • Advantage of public-key cryptography is that it allows for secrecy between two parties who have not arranged in advance to have a shared key (or trusted some third party to give it to them) and the disadvantage is overhead and speed. • Therefore, in practice, hybrid systems use both!!