Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Successfully reported this slideshow.

Like this presentation? Why not share!

- Pki 202 Architechture Models and ... by NCC Group 1443 views
- Cryptography full report by harpoo123143 11422 views
- Pki 201 Key Management by NCC Group 1848 views
- Jul gathering by Setia Jul Ismail 303 views
- Merits of securing your home by Ssecurity011 119 views
- An introduction to scan test for te... by Mohit Mongia 84 views

No Downloads

Total views

3,129

On SlideShare

0

From Embeds

0

Number of Embeds

30

Shares

0

Downloads

167

Comments

0

Likes

7

No embeds

No notes for slide

- 1. Cryptography 101 By Aman Hardikar
- 2. Contents / Topics INTRODUCTION SYMMETRIC CRYPTOGRAPHY Block Ciphers Introduction Terms Modes Stream Ciphers Introduction Types ASYMMETRIC CRYPTOGRAPHY Introduction Terms Ciphers HASH FUNCTIONS Introduction Merkle Damgard Technique MAC DIGITAL SIGNATURE DIGITAL ENVELOPE Skill Level: Beginner - Intermediate
- 3. Introduction Cryptography Securing information in a form only readable by end parties Cryptography Primitives (building blocks of cryptographic protocols) Encryption • Involves the conversion of plain text to cipher text Decryption • Involves the conversion of cipher text to plain text Signature Generation • Involves producing a special string that can be tied to a user Signature Verification • Involves verifying who the user is from the message Key Negotiation and Exchange • Involves negotiation and exchange of keys between the various parties involved Steganography Hiding information in other files Ex: pictures, audio, video, executable files
- 4. Types Symmetric Cryptography One key for both encryption and decryption Asymmetric Cryptography (Public Key Cryptography) Two keys : One for encryption, other for decryption
- 5. Symmetric Cryptography Advantages Small Key Size • Size ∞ Computational Power Disadvantages Key Management and transfer/sharing • Number of keys required = n(n-1)/2, where n is the number of parties involved. • If there are 5 parties, then number of keys = 10 • If there are 10 parties, then number of keys = 45 • If there are 100 parties, then number of keys = 4950 Provides Confidentiality, Integrity, Origin Authentication [based on the Mode used]
- 6. Symmetric Crypto - Types Block Ciphers Divides the text into blocks and acts on each of them Stream Ciphers Acts on each bit of the text
- 7. Block Cipher Terms Key Size Effective Key Size Block Size Initialization Vector (IV) Work Factor
- 8. Block Cipher Examples Lucifer (64 bits), DES/DEA (56 bits), DESX (184 bits) 3DES / TDES / TripleDES (168 bits) EEE, EDE, …. AES/Rijndael (Variable Size) IDEA Serpent, Blowfish, RC6
- 9. Block Cipher Modes ECB (Electronic Code Book) CBC (Cipher Block Chaining) CBC$ CBCC PCBC (Propagating CBC) CFB (Cipher FeedBack) OFB (Output FeedBack) CTR (CounTeR) CTR$ CTRC Above modes provide confidentiality only.
- 10. Block Cipher Modes (2) CMAC (Cipher based MAC) Integrity + Authentication CCM (Counter with CBC-MAC) Integrity + Authentication GCM (Galois/Counter Mode) Integrity + Authentication Above modes also provide other security services in addition to confidentiality.
- 11. Block Cipher Modes (3) Properties: Provide Confidentiality Fast Data Storage and Retrieval Efficient Use of Disk Space CBC (Cipher Block Chaining) LRW (Liskov, Rivest and Wagner) XEX (Xor Encrypt Xor) XTS (XEX-based Tweaked Codebook Mode) CMC (CBC Mask CBC) EME (ECB Mask ECB) Above modes primarily used in Full Disk Encryption.
- 12. Stream Ciphers Uses key streams Acts on bits of text Most Hardware Implementations use these Less complex than block ciphers NOTE: Block Ciphers can also be used as Stream Ciphers.
- 13. Stream Cipher Types Synchronous These generate random sequence of bits independent of the plain text and cipher text. Ex: RC4, HC-128 Asynchronous These generate key streams based on a set of former cipher text bits. Ex: CTAK, CFB Mode Block Ciphers
- 14. Asymmetric Cryptography Advantages Key Management Disadvantages Large Key Size • Size ∞ Computational Power Provides Confidentiality, Integrity, Authentication, Non-Repudiation
- 15. Asymmetric Crypto Terms Trapdoor Functions Mathematical functions that are easy to apply in one direction, but extremely difficult in the reverse.
- 16. Asymmetric Ciphers DH (DHM) Based on discrete logarithms No Authentication • Digital Signature Required RSA Based on factorisation of large numbers Example Key Sizes: 512bits, 1024bits, 2048bits Other Ciphers/Algorithms El Gamal – Based on DH Cramer-Shoup – Based on El Gamal Knapsack
- 17. Elliptical Curve Cryptography Mathematical equations that use Elliptical Curves Advantages: Small Key Size (Size ∞ Computational Power) 256 bit ECC key ≈ 3072 bit RSA/DH key; 384 bit ECC key ≈ 7680 bit RSA/DH key Algorithms Digital Signatures ECDSA: Elliptic Curve Digital Signature Algorithm ECPVS: Elliptic Curve Pintsov Vanstone Signatures ECNR: Elliptic Curve Nyberg Rueppel Key Agreement ECMQV: Elliptic Curve Menezes-Qu-Vanstone ECDH: Elliptic Curve Diffie-Hellman Encryption ECIES: Elliptic Curve Integrated Encryption Standard
- 18. Hash Functions Provides condensed representation of a given text or message (Message Digest) Provides Integrity, Origin Authentication Collision Situation when two different texts have the same hash Examples MD5 – 128bits – Insecure – Collisions Possible SHA1 – 160 bits – 263 Hash Operations for identifying a collision instead of 280 operations RIPEMD-160 – 160 bits – Secure (no collisions identified yet) SHA256 – 256 bits – Secure
- 19. Merkle Damgard Technique A method to build collision resistant hash functions Used by common hash functions like MD5, SHA1 and SHA256
- 20. Block Ciphers - MAC Block Ciphers can also be used as hash functions MDC-2 – 128 bits Whirlpool – 512 bits Used in Message Authentication Code (MAC) Adds a secret key to message during input • Provides Origin Authentication Provides Integrity Popular Implementation: CBC-MAC
- 21. Hash Functions - MAC Hash Algorithms can also be used to produce MAC Two Types MDx-MAC Scheme Uses modified hash functions SHA1, RIPEMD-160 can be used HMAC Unmodified hash functions Secret key added to message Used in IPSec, NAS, Mobiles Ref: RFC2104, FIPS PUB 180, ISO 9797-2
- 22. Digital Signatures Equivalent to physical signature Provides Integrity, Origin Authentication and Non-Repudiation
- 23. Digital Signatures (2) Software Components Cryptographic Hash Function Key Generation Algorithm Signing Algorithm Verification Algorithm Implemented using Public Cryptosystems: ECC, DSA, RSA, El Gamal DSA – Digital Signature Algorithm Used in Digital Signature Standard Ref: FIPS PUB 186, ISO 9696 and ISO 14888
- 24. Digital Envelope Provides Confidentiality in addition to Integrity, Origin Authentication and Non- Repudiation Two possible ways: Encrypt the message and the digital signature with the recipient's public key Encrypt the message with a secret key, then encrypt the secret key and the digital signature with recipient’s public key
- 25. Further Presentations …. PKI 101 PKI 201 Crypto Attacks 101 Basics of PKI infrastructure and Key Management. Advanced PKI stuff, which includes various PKI models, CRL types and auditing PKI infrastructure. Discussion on various attacks.

No public clipboards found for this slide

Be the first to comment