Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Network Security Topic 4 cryptography2

1,638 views

Published on

Network Security Topic 4 cryptography2

Published in: Education
  • Be the first to comment

Network Security Topic 4 cryptography2

  1. 1. Lecture 4Cryptographic Tools (cont)
  2. 2. Message Authentication protects against active attacks • contents have not been verifies received altered message is • from authentic source • timely and in correct authentic sequence can use • only sender & receiver conventional share a key encryption
  3. 3. Message Authentication Codes
  4. 4. Secure Hash Functions
  5. 5. MessageAuthentication Using a One-WayHash Function
  6. 6. Hash Function Requirements• can be applied to a block of data of any size• produces a fixed-length output• H(x) is relatively easy to compute for any given x• one-way or pre-image resistant – infeasible to find x such that H(x) = h• second pre-image or weak collision resistant – infeasible to find y ≠ x such that H(y) = H(x)• collision resistant or strong collision resistance – infeasible to find any pair (x, y) such that H(x) = H(y)
  7. 7. Security of Hash Functions• approaches to attack a secure hash function – cryptanalysis – exploit logical weaknesses in the algorithm – brute-force attack – strength of hash function depends solely on the length of the hash code produced by the algorithm• additional secure hash function applications: – Passwords: hash of a password is stored by an operating system – intrusion detection: store H(F) for each file on a system and secure the hash values
  8. 8. Public-Key Encryption Structure asymmetric • uses two separate keys publicly • public key and some form ofproposed by based on private key protocol is Diffie and mathematical • public key is needed for Hellman in functions made public for distribution 1976 others to use
  9. 9. Public-Key Encryption
  10. 10. Private-Key Encryption
  11. 11. Requirements for Public-Key Crypto. computationally easy to create key pairs computationally easyuseful if either key can for sender knowing be used for each role public key to encrypt messages computationally computationally easyinfeasible for opponent for receiver knowing to otherwise recover private key to decrypt original message ciphertext computationally infeasible for opponent to determine private key from public key
  12. 12. Applications for Public-Key Cryptosystems
  13. 13. Digital Signatures• used for authenticating both source and data integrity• created by encrypting hash code with private key• does not provide confidentiality – even in the case of complete encryption – message is safe from alteration but not eavesdropping
  14. 14. Public Key Certificates
  15. 15. Digital Envelopes• protects a message without needing to first arrange for sender and receiver to have the same secret key• equates to the same thing as a sealed envelope containing an unsigned letter
  16. 16. Random • Uses include generation of:Numbers – keys for public-key algorithms – stream key for symmetric stream cipher – symmetric key for use as a temporary session key or in creating a digital envelope – handshaking to prevent replay attacks – session key
  17. 17. Random Number Requirements Randomness Unpredictability• criteria: – uniform distribution each number is statistically – frequency of occurrence of independent of other each of the numbers should numbers in the sequence be approximately the same opponent should not be able – independence – no one value in the to predict future elements sequence can be inferred of the sequence on the from the others basis of earlier elements
  18. 18. Random versus Pseudorandom• cryptographic applications typically use algorithms for random number generation – algorithms are deterministic and therefore produce sequences of numbers that are not statistically random• pseudorandom numbers are: – sequences produced that satisfy statistical randomness tests – likely to be predictable• true random number generator (TRNG): – uses a nondeterministic source to produce randomness – most operate by measuring unpredictable natural processes – e.g. radiation, gas discharge, leaky capacitors – increasingly provided on modern processors
  19. 19. Summary• symmetric encryption  hash functions – conventional or single-key only type − message authentication creation of digital signatures used prior to public-key – five parts: plaintext, encryption  digital signatures algorithm, secret key, ciphertext, and − hash code is encrypted with decryption algorithm private key – two attacks: cryptanalysis and brute  digital envelopes force − protects a message without – most commonly used algorithms are needing to first arrange for sender block ciphers (DES, triple DES, AES) and receiver to have the same• public-key encryption secret key – based on mathematical functions  random numbers – asymmetric − requirements: randomness and – six ingredients: plaintext, encryption unpredictability algorithm, public and private key, − validation: uniform distribution, ciphertext, and decryption algorithm independence − pseudorandom numbers

×