SlideShare a Scribd company logo

Crypto101: Fundamentals of Cryptography

Download as PPT, PDF
Jim Faith
Jim Faith

This document provides an overview of cryptography fundamentals including: - Symmetric and asymmetric cryptography principles like encryption with keys and digital signatures. - The use of random numbers, prime numbers, and algorithms in cryptography. - Basic security properties like authentication, privacy and integrity. - Digital signatures, envelopes, and certificates that combine cryptographic methods for authentication and privacy. - How cryptography standards and export controls balance security and policy concerns.

1 of 55
Crypto101: The Fundamentals of Cryptography Jim Faith October 7, 1999
2 The October Brown-bag Series • Crypto 101: The Fundamentals of Cryptography • Crypto 201: Advanced Cryptographic Concepts • Crypto 301: The Public Key Infrastructure • Crypto 401: VPN Protocols and SSL
3 Overview • Symmetric Cryptography • Asymmetric Cryptography • Random Numbers and Prime Numbers • Basic Security Properties • Digital signatures • Digital envelopes • Digital certificates • Export Controls and Public Policy
4 Symmetric Cryptography The same key and algorithm are used to encrypt and decrypt. BobAlice
5 An Algorithm An Algorithm is a step-by-step problem-solving procedure, or a recipe algorithm Data Result
6 A Key A Key is a number or value that makes each use of the cryptographic algorithm “unique” Cryptographic algorithm Data Result Key Another K ey Another Result
7 Inner Operations of a Block Cipher 55 ff A B C D <<<<<< <<< <<< S[2i] S[2i+1] A B C D t u
8 Sample keys DES key: E5 74 ae f0 13 20 4f e1
9 Definitions • To encrypt something is to scramble the information so that only the intended recipient can recover the original information. Data recovery is called decryption. • Plaintext is the original form of a message as opposed to the encrypted form. • Ciphertext is the encrypted form of a message as opposed to the original form.
10 Symmetric Cryptography • Symmetric Ciphers are based on logical XOR, Rotation, and Substitution operations. • Two flavors of ciphers: – Block ciphers - these work on a “block” of data objects, generally 64 to 128 bits, at a time. Useful for bulk encryption. – Stream ciphers - these work on small data objects, generally 1 to 64 bits at a time. Useful for byte streams.
11 Symmetric Cryptography • Advantages: – Well known and used – Generally, very fast • Disadvantages: – Initial secret key needs to exchanged via a trusted channel. – Key Management.
12 Symmetric Cryptography Key management: each node on the networkKey management: each node on the network needs to store a key for every other node:needs to store a key for every other node: # system keys = (p * (p-1))/2# system keys = (p * (p-1))/2 2parties,1key 3parties,3keys 4parties,6keys 5parties,10keys
13 Asymmetric Cryptography • Asymmetric algorithms are based on the idea of key pairs, a public key and private key. • The keys are mathematically related such that one key performs an operation on data that only the other key can undo.
14 Bob’s RSA Public Key Bob’s RSA Private Key RSA Public-Key Cryptosystem When Alice wants to send a message to Bob
15 The Math • Asymmetric Cryptography is based on complex Math and Big Numbers. • The RSA algorithm is the de facto standard for public key cryptography and is based on Modular Exponentiation • The Diffie-Hellman algorithm is based on Discrete Logarithms
16 How RSA Works - Modular Exponentiation • Given : n = pq, Choose e • Encryption Formula ci = mi e mod n • Decryption Formula mi = ci d mod n public key : (n,e) Private key: (d)
17 155 decimal digit prime number (512 bits) 1094173864157052742180970732204035761200373245 4492059909138421314763499842889347847179972578 9126733249762575289978183379707653724402714674 3531593354333897 = (102639592829741105772054196573991675900716567 88038066803341933521790711307779) X (106603488380168454820927220360012878679207958 575989291522270608237193062808643) Herman te Riele, CWI- Amsterdam August, ‘99
18 RSA in Summary • If I know n = pq, I can generate prime values for p and q, I can choose a convenient value for e, and then d is easy to calculate - plug in the numbers. • I throw p and q away and make n and e available to the public. • Finding d from n and e is a HARD problem - more correctly computationally infeasible • Attack the system by factoring n
19 Sample keys RSA public key: modulus: ab 38 39 40 54 2c ac 9a c0 37 40 d0 49 04 ed 51 0e 95 72 02 51 c2 ad 9d a7 eb ba 29 ae d4 49 79 53 fa df 01 6c bc 69 46 4c 83 1b d9 3b 59 42 04 99 0f 63 24 75 a0 be 6f 92 4d 9d a2 40 da f8 49 public exponent: 01 00 01
20 Asymmetric Cryptography • Advantages: – Does not require a trusted channel – Provides authentication of sender – Variable key sizes – Scales easily, easy key management
21 Asymmetric Cryptography • Disadvantages of asymmetric ciphers: – Computationally intense therefore requires a bit more processing power. – Need for Authentication of public keys
22 Random Numbers • Random values are used for keys in symmetric crypto. If the key is 56 bits long, every possible combination must be equally likely • Random values are used as seeds to generate prime numbers used in asymmetric crypto. • Security protocols such as IPSec and SSL can use random values for challenge - response authentication
23 Prime Numbers • Used to generate keys in public key crypto • Mathematically convenient - Fermat Primes • Fun Fact - There are 10151 prime numbers less than 155 decimal digits. There are only 1077 atoms in the universe. Bruce Schneier Applied Cryptography
24 Basic Security Properties • Authentication - authenticates each of the communicating parties. • Privacy - data scrambling prevents reading by unauthorized parties. • Integrity - assures that the information was not modified while in transit. • Non-repudiation - disallows a party denying a previous message or action.
25 Digital Signatures • RSA digital signatures – RSA signatures use the RSA Public Key algorithm and a Message Digest algorithm such as MD5 or SHA-1. – Based on the idea that only I can encrypt data with my private key. If that data can be decrypted with my public key, and there is unique relationship between keys, then I must have been the one who performed the original encryption.
26 Message Digests • Arbitrary input length - fixed output • One way function • Irreversible • Collision free MD5MD5 MessageMessage DigestDigest
27 Message Digests 1. Any length input gives the same length output 2. One way: Given a digest, it is impossible to reconstruct the original message 3. It is computationally infeasible to produce a message with a specific digest 4. It is computationally infeasible to produce two messages with the same digest
28 Digital Signatures • An RSA signature is created as follows: – Hash the data object to be signed. – Encrypt the hash with your private key. – Transmit both the data object and the encrypted hash. • The RSA signature is verified as follows: – Hash the data object received. – Decrypt the encrypted hash. – Compare the computed hash with the decrypted hash.
29 } Digest MD5 Alice’s RSA Private Key Encrypted Digest Alice signs a message Authentication: The RSA Digital Signature
30 MD-5 Digest Alice’s RSA Public Key ? Verification: The RSA Digital Signature Bob verifies the signature signature
31 Digital Signature Example Alice wants to buy something from Bob online The two negotiate, agree on a price of $1,000 Alice signs a “contract” She sends the message, “I agree to pay Bob 1,000 dollars.” She signs that message
32 Alice’s signature Alice computes the digest of the message MD5 Digest: cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e and encrypts this data with her private key. She sends the message to Bob
33 Digital Signature Example Here is what Bob receives : 1. The message: “I agree to pay Bob 1,000 dollars.” 2. The signature: 3a ce af e2 58 8c 25 94 80 2c de 7c 0f 15 3c 40 39 17 ce 32 02 82 31 4f 8e 8b c7 73 aa f9 88 d3 59 b9 69 1a 85 d0 8a b2 60 f5 fb 54 1e a4 93 b7 f5 1d 4b 13 eb 4d 31 98 04 c7 a9 0a 09 e3 42 c2 9f e0 de 89 8b e5 b9 2e fc cc 9c 6b 7e 9d ef fb 07 64 84 86 fa 17 b7 af f6 03 9f 02 46 fb 88 0f
34 Digital Signature Example 3. Alice’s public key: cc 76 65 2b 4b 5d 97 2b 25 c4 64 d2 3b 96 5f aa 52 ca 08 b1 01 22 39 f4 aa 3f 8d 51 8b f5 50 c5 6d c4 c6 84 c7 8f e4 ed 49 27 28 00 5a 7c 10 12 a0 72 ec d2 85 92 a6 b0 f5 20 44 5e 41 eb 48 84 a2 b8 01 d8 b5 79 e6 92 0f a7 d2 5c 0b 02 35 92 63 af 4d d4 be ec ec aa 9d d5 96 71 35 1b b5 9f 01 00 01
35 Bob Tries to Commit Fraud Bob claims Alice agreed to pay $1,000,000 Bob produces the message “I agree to pay Bob 1,000,000 dollars.”
36 Bob Tries to Commit Fraud So we digest the message that Bob presents MD5 Digest: 4d 17 ef 57 11 74 94 44 69 0e 60 dc 68 a4 49 77 We also use Alice’s public key to decrypt her signature, we get cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e
37 Bob Tries to Commit Fraud The digests do not match, so we can say Alice did not sign that message. Bob does not get $1,000,000. But he does get 5-7 in San Quentin for attempted fraud, because Alice was well connected in the governor's office.
38 Alice Tries to Commit Fraud Alice claims she never agreed to pay Bob $1,000 Bob produces the message “I agree to pay Bob 1,000 dollars.” and its associated digest MD5 Digest: cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e
39 Alice Tries to Commit Fraud Bob produces a chunk of data he claims is Alice’s signature 3a ce af e2 58 8c 25 94 80 2c de 7c 0f 15 3c 40 39 17 ce 32 02 82 31 4f 8e 8b c7 73 aa f9 88 d3 59 b9 69 1a 85 d0 8a b2 60 f5 fb 54 1e a4 93 b7 f5 1d 4b 13 eb 4d 31 98 04 c7 a9 0a 09 e3 42 c2 9f e0 de 89 8b e5 b9 2e fc cc 9c 6b 7e 9d ef fb 07 64 84 86 fa 17 b7 af f6 03 9f 02 46 fb 88 0f
40 Alice Tries to Commit Fraud We use Alice’s public key to decrypt that chunk of data Bob claims is Alice’s signature, we get cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e We see it matches the digest of Bob’s message There is only one way Bob could have gotten that chunk of data that produced the digest of the message: Alice signed that message
41 Alice Tries to Commit Fraud Is it possible Bob generated that chunk of data? Is it possible Bob was able to find the right value without knowing Alice’s private key? No one has been able to do it so far So Alice must have signed, she has to pay
42 Digital Envelopes • Digital envelopes are a privacy mechanism for combining the strengths of both cryptographic methods. – A digital envelope is created as follows:a. • Generate a random symmetric or session key. • Encrypt the data object with the session key. • Encrypt the session key with the public key of the recipient. • Transmit both the encrypted data object along with the encrypted session key.
43 Digital Envelopes • To “open” a digital envelope, perform the following: – Decrypt the session key with your private key. – Decrypt the data object with the session key. • Note: a digital envelope does not implicitly increase the security of the encrypted data object. The data object is still only encrypted with the symmetric / session key. Digital envelopes do solve the key distribution problem.
44 }Recipient’s RSA Public Key Random RC4 Key “RSA Digital Envelope” Hi/fn 750 University Av Los Gatos, CA Privacy: The RSA Digital Envelope
45 RSA Digital Envelope Decrypt RC4 key DataEncrypted Data Encrypted Key Recipient’s RSA Private Key
46 The situation: 1. Anyone can generate their own public/private key pairs 2. Anyone can attach any name to a public key 3. Anyone can post a public key in the public directory The dilemma: How do I know for sure that the name on a given public key really represents the person I want to communicate with? The Dilemma
47 Solution A Digital Certificate authenticates the binding between a public key and an individual much like a company ID badge binds your name to your picture. Digital Certificate
48 Name, Organization, Address Owner’s Public Key Certificate Validity Dates Serial Number Certifying Authority’s Digital Signature Document Digital Signature Digital Certificate Digital Certificates
49 Digital Certificates • In using certificates, a trusted third party is needed. The function of this third party is to sign public keys, hence the digital certificate. • A digital certificate is a digital document that contains a public key signed by the trusted third party. • The trusted third party is known as a Certificate Authority or CA.
50 Digital Certificates • The most common type of certificate is referred to as X.509. – This is an international standard for the format and information contained in a certificate. Trust is hierarchical.
51 Certificate Hierarchy Root public key cert cert cert cert cert cert cert cert cert CA CA CACA
52 Export Controls and Public Policy • Hopefully, a historical footnote ... • Governments are concerned with the misuse of encryption: – Espionage – Criminal activity • There is a requisite balance between the government concerns and the use of cryptography for commercial purposes.
53 References • The following are books on cryptography: – Frequently Asked Questions About Today’s Cryptography, Version 4.0., RSA Laboratories – Handbook of Applied Cryptography, Menezes, van Oorschot, and Vanstone, CRC Press, 1997 – Applied Cryptography, Protocols, Algorithms, and Source Code in C, 2nd Edition, Schneier, John Wiley & Sons, Inc. 1996
54 References • The following are URLs containing information on cryptography: – http://www.rsa.com – http://jya.com/crypto.htm – http://www.w3.org/security – http://www.counterpane.com/hotlist.htm
Crypto101: The Fundamentals of Cryptography Jim Faith jfaith@hifn.com October 7, 1999

Recommended

network security
network security network security
network security SayantanRoy14
 
Stallings Kurose and Ross
Stallings Kurose and RossStallings Kurose and Ross
Stallings Kurose and RossInformation Security Awareness Group
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynoteKaya Ota
 
J.burke HackMiami6
J.burke HackMiami6J.burke HackMiami6
J.burke HackMiami6Jesse Burke
 
Pjsmith ip addressing_&_subnetting_made_easy
Pjsmith ip addressing_&_subnetting_made_easyPjsmith ip addressing_&_subnetting_made_easy
Pjsmith ip addressing_&_subnetting_made_easyNaresh Gotad
 
Subnet Mask
Subnet MaskSubnet Mask
Subnet MaskNetProtocol Xpert
 
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersJyothishmathi Institute of Technology and Science Karimnagar
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFiText Group nv
 

Recommended

network security
network security network security
network security SayantanRoy14
 
Stallings Kurose and Ross
Stallings Kurose and RossStallings Kurose and Ross
Stallings Kurose and RossInformation Security Awareness Group
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynoteKaya Ota
 
J.burke HackMiami6
J.burke HackMiami6J.burke HackMiami6
J.burke HackMiami6Jesse Burke
 
Pjsmith ip addressing_&_subnetting_made_easy
Pjsmith ip addressing_&_subnetting_made_easyPjsmith ip addressing_&_subnetting_made_easy
Pjsmith ip addressing_&_subnetting_made_easyNaresh Gotad
 
Subnet Mask
Subnet MaskSubnet Mask
Subnet MaskNetProtocol Xpert
 
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersJyothishmathi Institute of Technology and Science Karimnagar
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFiText Group nv
 
Cryptocurrency for Dummies
Cryptocurrency for DummiesCryptocurrency for Dummies
Cryptocurrency for DummiesMiguel Duarte
 
Windows power management basic knowledge
Windows power management basic knowledgeWindows power management basic knowledge
Windows power management basic knowledgeYonghong(Dave) Feng
 
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIAFORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIAHildass ZH
 
Deontologia procedimiento diapositivas
Deontologia procedimiento diapositivasDeontologia procedimiento diapositivas
Deontologia procedimiento diapositivasDEYSITATIANAIB
 
Trabajos tercera parcial
Trabajos tercera parcialTrabajos tercera parcial
Trabajos tercera parcialDEYSITATIANAIB
 
Pre-Collegiate - Rising Seniors, Day 1
Pre-Collegiate - Rising Seniors, Day 1Pre-Collegiate - Rising Seniors, Day 1
Pre-Collegiate - Rising Seniors, Day 1Ali LaForce
 
DOCENTE
DOCENTEDOCENTE
DOCENTEFabiola Junco Changanaquí
 
How to become an Android developer
How to become an Android developerHow to become an Android developer
How to become an Android developerIvan Kocijan
 
Representative Partner Placements
Representative Partner PlacementsRepresentative Partner Placements
Representative Partner PlacementsJohn Jameson
 
Презентация франшизы интернет-рекламного агентства.
Презентация франшизы интернет-рекламного агентства.Презентация франшизы интернет-рекламного агентства.
Презентация франшизы интернет-рекламного агентства.NikolasLornets
 
Small Small Catch Monkey:The Success Story of Laurelwood
Small Small Catch Monkey:The Success Story of Laurelwood Small Small Catch Monkey:The Success Story of Laurelwood
Small Small Catch Monkey:The Success Story of Laurelwoodvakunta
 
Measuring Thermal Conductivity of Thin Films
Measuring Thermal Conductivity of Thin FilmsMeasuring Thermal Conductivity of Thin Films
Measuring Thermal Conductivity of Thin FilmsKale Crosbie
 
Prueba cuarta parcial de ciencia de estado
Prueba cuarta parcial de ciencia de estadoPrueba cuarta parcial de ciencia de estado
Prueba cuarta parcial de ciencia de estadoDEYSITATIANAIB
 
Resume of Islam M. Elshora MEP Technical Office & BIM Manager
Resume of Islam M. Elshora MEP Technical Office & BIM Manager Resume of Islam M. Elshora MEP Technical Office & BIM Manager
Resume of Islam M. Elshora MEP Technical Office & BIM Manager Islam Elshoura
 
Resume_PRAVESH_SINGH
Resume_PRAVESH_SINGHResume_PRAVESH_SINGH
Resume_PRAVESH_SINGHPRAVESH SINGH
 
Deontologia
DeontologiaDeontologia
DeontologiaDEYSITATIANAIB
 
DOCENTE
DOCENTEDOCENTE
DOCENTEFabiola Junco Changanaquí
 
Universidad técnica de ambatotrabajo de ntics angel diaz
Universidad técnica de ambatotrabajo de ntics angel diazUniversidad técnica de ambatotrabajo de ntics angel diaz
Universidad técnica de ambatotrabajo de ntics angel diazÁngel Fer Dìaz
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxImXaib
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem Gyanmanjari Institute Of Technology
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 

More Related Content

Viewers also liked

Cryptocurrency for Dummies
Cryptocurrency for DummiesCryptocurrency for Dummies
Cryptocurrency for DummiesMiguel Duarte
 
Windows power management basic knowledge
Windows power management basic knowledgeWindows power management basic knowledge
Windows power management basic knowledgeYonghong(Dave) Feng
 
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIAFORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIAHildass ZH
 
Deontologia procedimiento diapositivas
Deontologia procedimiento diapositivasDeontologia procedimiento diapositivas
Deontologia procedimiento diapositivasDEYSITATIANAIB
 
Trabajos tercera parcial
Trabajos tercera parcialTrabajos tercera parcial
Trabajos tercera parcialDEYSITATIANAIB
 
Pre-Collegiate - Rising Seniors, Day 1
Pre-Collegiate - Rising Seniors, Day 1Pre-Collegiate - Rising Seniors, Day 1
Pre-Collegiate - Rising Seniors, Day 1Ali LaForce
 
How to become an Android developer
How to become an Android developerHow to become an Android developer
How to become an Android developerIvan Kocijan
 
Representative Partner Placements
Representative Partner PlacementsRepresentative Partner Placements
Representative Partner PlacementsJohn Jameson
 
Презентация франшизы интернет-рекламного агентства.
Презентация франшизы интернет-рекламного агентства.Презентация франшизы интернет-рекламного агентства.
Презентация франшизы интернет-рекламного агентства.NikolasLornets
 
Small Small Catch Monkey:The Success Story of Laurelwood
Small Small Catch Monkey:The Success Story of Laurelwood Small Small Catch Monkey:The Success Story of Laurelwood
Small Small Catch Monkey:The Success Story of Laurelwoodvakunta
 
Measuring Thermal Conductivity of Thin Films
Measuring Thermal Conductivity of Thin FilmsMeasuring Thermal Conductivity of Thin Films
Measuring Thermal Conductivity of Thin FilmsKale Crosbie
 
Prueba cuarta parcial de ciencia de estado
Prueba cuarta parcial de ciencia de estadoPrueba cuarta parcial de ciencia de estado
Prueba cuarta parcial de ciencia de estadoDEYSITATIANAIB
 
Resume of Islam M. Elshora MEP Technical Office & BIM Manager
Resume of Islam M. Elshora MEP Technical Office & BIM Manager Resume of Islam M. Elshora MEP Technical Office & BIM Manager
Resume of Islam M. Elshora MEP Technical Office & BIM Manager Islam Elshoura
 
Resume_PRAVESH_SINGH
Resume_PRAVESH_SINGHResume_PRAVESH_SINGH
Resume_PRAVESH_SINGHPRAVESH SINGH
 
Universidad técnica de ambatotrabajo de ntics angel diaz
Universidad técnica de ambatotrabajo de ntics angel diazUniversidad técnica de ambatotrabajo de ntics angel diaz
Universidad técnica de ambatotrabajo de ntics angel diazÁngel Fer Dìaz
 

Viewers also liked (18)

Cryptocurrency for Dummies
Cryptocurrency for DummiesCryptocurrency for Dummies
Cryptocurrency for Dummies
 
Windows power management basic knowledge
Windows power management basic knowledgeWindows power management basic knowledge
Windows power management basic knowledge
 
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIAFORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
FORTALECER LAS CAPACIDADES Y POTENCIALIDADES DE LA CUIDADANIA
 
Deontologia procedimiento diapositivas
Deontologia procedimiento diapositivasDeontologia procedimiento diapositivas
Deontologia procedimiento diapositivas
 
Trabajos tercera parcial
Trabajos tercera parcialTrabajos tercera parcial
Trabajos tercera parcial
 
Pre-Collegiate - Rising Seniors, Day 1
Pre-Collegiate - Rising Seniors, Day 1Pre-Collegiate - Rising Seniors, Day 1
Pre-Collegiate - Rising Seniors, Day 1
 
DOCENTE
DOCENTEDOCENTE
DOCENTE
 
How to become an Android developer
How to become an Android developerHow to become an Android developer
How to become an Android developer
 
Representative Partner Placements
Representative Partner PlacementsRepresentative Partner Placements
Representative Partner Placements
 
Презентация франшизы интернет-рекламного агентства.
Презентация франшизы интернет-рекламного агентства.Презентация франшизы интернет-рекламного агентства.
Презентация франшизы интернет-рекламного агентства.
 
Small Small Catch Monkey:The Success Story of Laurelwood
Small Small Catch Monkey:The Success Story of Laurelwood Small Small Catch Monkey:The Success Story of Laurelwood
Small Small Catch Monkey:The Success Story of Laurelwood
 
Measuring Thermal Conductivity of Thin Films
Measuring Thermal Conductivity of Thin FilmsMeasuring Thermal Conductivity of Thin Films
Measuring Thermal Conductivity of Thin Films
 
Prueba cuarta parcial de ciencia de estado
Prueba cuarta parcial de ciencia de estadoPrueba cuarta parcial de ciencia de estado
Prueba cuarta parcial de ciencia de estado
 
Resume of Islam M. Elshora MEP Technical Office & BIM Manager
Resume of Islam M. Elshora MEP Technical Office & BIM Manager Resume of Islam M. Elshora MEP Technical Office & BIM Manager
Resume of Islam M. Elshora MEP Technical Office & BIM Manager
 
Resume_PRAVESH_SINGH
Resume_PRAVESH_SINGHResume_PRAVESH_SINGH
Resume_PRAVESH_SINGH
 
Deontologia
DeontologiaDeontologia
Deontologia
 
DOCENTE
DOCENTEDOCENTE
DOCENTE
 
Universidad técnica de ambatotrabajo de ntics angel diaz
Universidad técnica de ambatotrabajo de ntics angel diazUniversidad técnica de ambatotrabajo de ntics angel diaz
Universidad técnica de ambatotrabajo de ntics angel diaz
 

Similar to Crypto101: Fundamentals of Cryptography

aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxImXaib
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communicationsdefconmoscow
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutannewbie2019
 
Cryptography
CryptographyCryptography
CryptographyPPT4U
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographySarthak Patel
 
ET4045-2-cryptography-2
ET4045-2-cryptography-2ET4045-2-cryptography-2
ET4045-2-cryptography-2Tutun Juhana
 
Cryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxCryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxRobertCarreonBula
 
Us 17-radocea-intercepting-i cloud-keychain
Us 17-radocea-intercepting-i cloud-keychainUs 17-radocea-intercepting-i cloud-keychain
Us 17-radocea-intercepting-i cloud-keychainAlex Radocea
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authenticationahmad amiruddin
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & SteganographyAnimesh Shaw
 
Cryptography & Digital certificate
Cryptography & Digital certificateCryptography & Digital certificate
Cryptography & Digital certificateDeepak Kumar (D3)
 

Similar to Crypto101: Fundamentals of Cryptography (20)

aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptx
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communications
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutan
 
Cryptography
CryptographyCryptography
Cryptography
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key Cryptography
 
Security.ppt
Security.pptSecurity.ppt
Security.ppt
 
ET4045-2-cryptography-2
ET4045-2-cryptography-2ET4045-2-cryptography-2
ET4045-2-cryptography-2
 
Cryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxCryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptx
 
Security pre
Security preSecurity pre
Security pre
 
Us 17-radocea-intercepting-i cloud-keychain
Us 17-radocea-intercepting-i cloud-keychainUs 17-radocea-intercepting-i cloud-keychain
Us 17-radocea-intercepting-i cloud-keychain
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authentication
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdf
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
Crypt
CryptCrypt
Crypt
 
Cryptography & Digital certificate
Cryptography & Digital certificateCryptography & Digital certificate
Cryptography & Digital certificate
 

Crypto101: Fundamentals of Cryptography

  • 1. Crypto101: The Fundamentals of Cryptography Jim Faith October 7, 1999
  • 2. 2 The October Brown-bag Series • Crypto 101: The Fundamentals of Cryptography • Crypto 201: Advanced Cryptographic Concepts • Crypto 301: The Public Key Infrastructure • Crypto 401: VPN Protocols and SSL
  • 3. 3 Overview • Symmetric Cryptography • Asymmetric Cryptography • Random Numbers and Prime Numbers • Basic Security Properties • Digital signatures • Digital envelopes • Digital certificates • Export Controls and Public Policy
  • 4. 4 Symmetric Cryptography The same key and algorithm are used to encrypt and decrypt. BobAlice
  • 5. 5 An Algorithm An Algorithm is a step-by-step problem-solving procedure, or a recipe algorithm Data Result
  • 6. 6 A Key A Key is a number or value that makes each use of the cryptographic algorithm “unique” Cryptographic algorithm Data Result Key Another K ey Another Result
  • 7. 7 Inner Operations of a Block Cipher 55 ff A B C D <<<<<< <<< <<< S[2i] S[2i+1] A B C D t u
  • 8. 8 Sample keys DES key: E5 74 ae f0 13 20 4f e1
  • 9. 9 Definitions • To encrypt something is to scramble the information so that only the intended recipient can recover the original information. Data recovery is called decryption. • Plaintext is the original form of a message as opposed to the encrypted form. • Ciphertext is the encrypted form of a message as opposed to the original form.
  • 10. 10 Symmetric Cryptography • Symmetric Ciphers are based on logical XOR, Rotation, and Substitution operations. • Two flavors of ciphers: – Block ciphers - these work on a “block” of data objects, generally 64 to 128 bits, at a time. Useful for bulk encryption. – Stream ciphers - these work on small data objects, generally 1 to 64 bits at a time. Useful for byte streams.
  • 11. 11 Symmetric Cryptography • Advantages: – Well known and used – Generally, very fast • Disadvantages: – Initial secret key needs to exchanged via a trusted channel. – Key Management.
  • 12. 12 Symmetric Cryptography Key management: each node on the networkKey management: each node on the network needs to store a key for every other node:needs to store a key for every other node: # system keys = (p * (p-1))/2# system keys = (p * (p-1))/2 2parties,1key 3parties,3keys 4parties,6keys 5parties,10keys
  • 13. 13 Asymmetric Cryptography • Asymmetric algorithms are based on the idea of key pairs, a public key and private key. • The keys are mathematically related such that one key performs an operation on data that only the other key can undo.
  • 14. 14 Bob’s RSA Public Key Bob’s RSA Private Key RSA Public-Key Cryptosystem When Alice wants to send a message to Bob
  • 15. 15 The Math • Asymmetric Cryptography is based on complex Math and Big Numbers. • The RSA algorithm is the de facto standard for public key cryptography and is based on Modular Exponentiation • The Diffie-Hellman algorithm is based on Discrete Logarithms
  • 16. 16 How RSA Works - Modular Exponentiation • Given : n = pq, Choose e • Encryption Formula ci = mi e mod n • Decryption Formula mi = ci d mod n public key : (n,e) Private key: (d)
  • 17. 17 155 decimal digit prime number (512 bits) 1094173864157052742180970732204035761200373245 4492059909138421314763499842889347847179972578 9126733249762575289978183379707653724402714674 3531593354333897 = (102639592829741105772054196573991675900716567 88038066803341933521790711307779) X (106603488380168454820927220360012878679207958 575989291522270608237193062808643) Herman te Riele, CWI- Amsterdam August, ‘99
  • 18. 18 RSA in Summary • If I know n = pq, I can generate prime values for p and q, I can choose a convenient value for e, and then d is easy to calculate - plug in the numbers. • I throw p and q away and make n and e available to the public. • Finding d from n and e is a HARD problem - more correctly computationally infeasible • Attack the system by factoring n
  • 19. 19 Sample keys RSA public key: modulus: ab 38 39 40 54 2c ac 9a c0 37 40 d0 49 04 ed 51 0e 95 72 02 51 c2 ad 9d a7 eb ba 29 ae d4 49 79 53 fa df 01 6c bc 69 46 4c 83 1b d9 3b 59 42 04 99 0f 63 24 75 a0 be 6f 92 4d 9d a2 40 da f8 49 public exponent: 01 00 01
  • 20. 20 Asymmetric Cryptography • Advantages: – Does not require a trusted channel – Provides authentication of sender – Variable key sizes – Scales easily, easy key management
  • 21. 21 Asymmetric Cryptography • Disadvantages of asymmetric ciphers: – Computationally intense therefore requires a bit more processing power. – Need for Authentication of public keys
  • 22. 22 Random Numbers • Random values are used for keys in symmetric crypto. If the key is 56 bits long, every possible combination must be equally likely • Random values are used as seeds to generate prime numbers used in asymmetric crypto. • Security protocols such as IPSec and SSL can use random values for challenge - response authentication
  • 23. 23 Prime Numbers • Used to generate keys in public key crypto • Mathematically convenient - Fermat Primes • Fun Fact - There are 10151 prime numbers less than 155 decimal digits. There are only 1077 atoms in the universe. Bruce Schneier Applied Cryptography
  • 24. 24 Basic Security Properties • Authentication - authenticates each of the communicating parties. • Privacy - data scrambling prevents reading by unauthorized parties. • Integrity - assures that the information was not modified while in transit. • Non-repudiation - disallows a party denying a previous message or action.
  • 25. 25 Digital Signatures • RSA digital signatures – RSA signatures use the RSA Public Key algorithm and a Message Digest algorithm such as MD5 or SHA-1. – Based on the idea that only I can encrypt data with my private key. If that data can be decrypted with my public key, and there is unique relationship between keys, then I must have been the one who performed the original encryption.
  • 26. 26 Message Digests • Arbitrary input length - fixed output • One way function • Irreversible • Collision free MD5MD5 MessageMessage DigestDigest
  • 27. 27 Message Digests 1. Any length input gives the same length output 2. One way: Given a digest, it is impossible to reconstruct the original message 3. It is computationally infeasible to produce a message with a specific digest 4. It is computationally infeasible to produce two messages with the same digest
  • 28. 28 Digital Signatures • An RSA signature is created as follows: – Hash the data object to be signed. – Encrypt the hash with your private key. – Transmit both the data object and the encrypted hash. • The RSA signature is verified as follows: – Hash the data object received. – Decrypt the encrypted hash. – Compare the computed hash with the decrypted hash.
  • 29. 29 } Digest MD5 Alice’s RSA Private Key Encrypted Digest Alice signs a message Authentication: The RSA Digital Signature
  • 30. 30 MD-5 Digest Alice’s RSA Public Key ? Verification: The RSA Digital Signature Bob verifies the signature signature
  • 31. 31 Digital Signature Example Alice wants to buy something from Bob online The two negotiate, agree on a price of $1,000 Alice signs a “contract” She sends the message, “I agree to pay Bob 1,000 dollars.” She signs that message
  • 32. 32 Alice’s signature Alice computes the digest of the message MD5 Digest: cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e and encrypts this data with her private key. She sends the message to Bob
  • 33. 33 Digital Signature Example Here is what Bob receives : 1. The message: “I agree to pay Bob 1,000 dollars.” 2. The signature: 3a ce af e2 58 8c 25 94 80 2c de 7c 0f 15 3c 40 39 17 ce 32 02 82 31 4f 8e 8b c7 73 aa f9 88 d3 59 b9 69 1a 85 d0 8a b2 60 f5 fb 54 1e a4 93 b7 f5 1d 4b 13 eb 4d 31 98 04 c7 a9 0a 09 e3 42 c2 9f e0 de 89 8b e5 b9 2e fc cc 9c 6b 7e 9d ef fb 07 64 84 86 fa 17 b7 af f6 03 9f 02 46 fb 88 0f
  • 34. 34 Digital Signature Example 3. Alice’s public key: cc 76 65 2b 4b 5d 97 2b 25 c4 64 d2 3b 96 5f aa 52 ca 08 b1 01 22 39 f4 aa 3f 8d 51 8b f5 50 c5 6d c4 c6 84 c7 8f e4 ed 49 27 28 00 5a 7c 10 12 a0 72 ec d2 85 92 a6 b0 f5 20 44 5e 41 eb 48 84 a2 b8 01 d8 b5 79 e6 92 0f a7 d2 5c 0b 02 35 92 63 af 4d d4 be ec ec aa 9d d5 96 71 35 1b b5 9f 01 00 01
  • 35. 35 Bob Tries to Commit Fraud Bob claims Alice agreed to pay $1,000,000 Bob produces the message “I agree to pay Bob 1,000,000 dollars.”
  • 36. 36 Bob Tries to Commit Fraud So we digest the message that Bob presents MD5 Digest: 4d 17 ef 57 11 74 94 44 69 0e 60 dc 68 a4 49 77 We also use Alice’s public key to decrypt her signature, we get cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e
  • 37. 37 Bob Tries to Commit Fraud The digests do not match, so we can say Alice did not sign that message. Bob does not get $1,000,000. But he does get 5-7 in San Quentin for attempted fraud, because Alice was well connected in the governor's office.
  • 38. 38 Alice Tries to Commit Fraud Alice claims she never agreed to pay Bob $1,000 Bob produces the message “I agree to pay Bob 1,000 dollars.” and its associated digest MD5 Digest: cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e
  • 39. 39 Alice Tries to Commit Fraud Bob produces a chunk of data he claims is Alice’s signature 3a ce af e2 58 8c 25 94 80 2c de 7c 0f 15 3c 40 39 17 ce 32 02 82 31 4f 8e 8b c7 73 aa f9 88 d3 59 b9 69 1a 85 d0 8a b2 60 f5 fb 54 1e a4 93 b7 f5 1d 4b 13 eb 4d 31 98 04 c7 a9 0a 09 e3 42 c2 9f e0 de 89 8b e5 b9 2e fc cc 9c 6b 7e 9d ef fb 07 64 84 86 fa 17 b7 af f6 03 9f 02 46 fb 88 0f
  • 40. 40 Alice Tries to Commit Fraud We use Alice’s public key to decrypt that chunk of data Bob claims is Alice’s signature, we get cb d8 9e 2f 60 81 79 72 58 10 a2 34 cd df 2f 5e We see it matches the digest of Bob’s message There is only one way Bob could have gotten that chunk of data that produced the digest of the message: Alice signed that message
  • 41. 41 Alice Tries to Commit Fraud Is it possible Bob generated that chunk of data? Is it possible Bob was able to find the right value without knowing Alice’s private key? No one has been able to do it so far So Alice must have signed, she has to pay
  • 42. 42 Digital Envelopes • Digital envelopes are a privacy mechanism for combining the strengths of both cryptographic methods. – A digital envelope is created as follows:a. • Generate a random symmetric or session key. • Encrypt the data object with the session key. • Encrypt the session key with the public key of the recipient. • Transmit both the encrypted data object along with the encrypted session key.
  • 43. 43 Digital Envelopes • To “open” a digital envelope, perform the following: – Decrypt the session key with your private key. – Decrypt the data object with the session key. • Note: a digital envelope does not implicitly increase the security of the encrypted data object. The data object is still only encrypted with the symmetric / session key. Digital envelopes do solve the key distribution problem.
  • 44. 44 }Recipient’s RSA Public Key Random RC4 Key “RSA Digital Envelope” Hi/fn 750 University Av Los Gatos, CA Privacy: The RSA Digital Envelope
  • 45. 45 RSA Digital Envelope Decrypt RC4 key DataEncrypted Data Encrypted Key Recipient’s RSA Private Key
  • 46. 46 The situation: 1. Anyone can generate their own public/private key pairs 2. Anyone can attach any name to a public key 3. Anyone can post a public key in the public directory The dilemma: How do I know for sure that the name on a given public key really represents the person I want to communicate with? The Dilemma
  • 47. 47 Solution A Digital Certificate authenticates the binding between a public key and an individual much like a company ID badge binds your name to your picture. Digital Certificate
  • 48. 48 Name, Organization, Address Owner’s Public Key Certificate Validity Dates Serial Number Certifying Authority’s Digital Signature Document Digital Signature Digital Certificate Digital Certificates
  • 49. 49 Digital Certificates • In using certificates, a trusted third party is needed. The function of this third party is to sign public keys, hence the digital certificate. • A digital certificate is a digital document that contains a public key signed by the trusted third party. • The trusted third party is known as a Certificate Authority or CA.
  • 50. 50 Digital Certificates • The most common type of certificate is referred to as X.509. – This is an international standard for the format and information contained in a certificate. Trust is hierarchical.
  • 52. 52 Export Controls and Public Policy • Hopefully, a historical footnote ... • Governments are concerned with the misuse of encryption: – Espionage – Criminal activity • There is a requisite balance between the government concerns and the use of cryptography for commercial purposes.
  • 53. 53 References • The following are books on cryptography: – Frequently Asked Questions About Today’s Cryptography, Version 4.0., RSA Laboratories – Handbook of Applied Cryptography, Menezes, van Oorschot, and Vanstone, CRC Press, 1997 – Applied Cryptography, Protocols, Algorithms, and Source Code in C, 2nd Edition, Schneier, John Wiley & Sons, Inc. 1996
  • 54. 54 References • The following are URLs containing information on cryptography: – http://www.rsa.com – http://jya.com/crypto.htm – http://www.w3.org/security – http://www.counterpane.com/hotlist.htm
  • 55. Crypto101: The Fundamentals of Cryptography Jim Faith jfaith@hifn.com October 7, 1999