Crypt

Published in: Technology, Education

  1. Cryptography. Reference: Network Security: PRIVATE Communication in a PUBLIC World, by Kaufman, Perlman & Speciner.
  2. Secret Key Cryptography
     • Single key used to encrypt and decrypt.
     • Key must be known by both parties.
     • Assuming we live in a hostile environment (otherwise, why the need for cryptography?), it may be hard to share a secret key.
  3. Public Key Cryptography (a.k.a. asymmetric cryptography)
     • Relatively new field: 1975 (as far as we know, the NSA is not talking).
     • Each entity has 2 keys:
       • private key (a secret)
       • public key (well known).
  4. Using Keys
     • Private keys are used for decrypting.
     • Public keys are used for encrypting.
     • Encryption: plaintext → ciphertext, using the public key.
     • Decryption: ciphertext → plaintext, using the private key.
  5. Digital Signature
     • Public key cryptography is also used to provide digital signatures.
     • Signing: plaintext → signed message, using the private key.
     • Verification: signed message → plaintext, using the public key.
  6. Transmitting over an insecure channel.
     • Alice wants to send Bob a private message.
       • A_public is Alice’s public key.
       • A_private is Alice’s private key.
       • B_public is Bob’s public key.
       • B_private is Bob’s private key.
  7. Alice → Bob: “Hello Bob, Wanna get together?”
     • Alice encrypts using B_public.
     • Bob decrypts using B_private.
  8. Bob → Alice: “OK Alice, Your place or mine?”
     • Bob encrypts using A_public.
     • Alice decrypts using A_private.
  9. Bob’s Dilemma
     • Nobody can read the message from Alice, but anyone could produce it.
     • How does Bob know that the message was really sent from Alice?
     • Bob may be comforted to know that only Alice can read his reply.
  10. Alice can sign her message!
     • Alice can create a digital signature and prove she sent the message (or someone with knowledge of her private key).
     • The signature can be a message digest encrypted with A_private.
  11. Message Digest
     • Also known as “hash function” or “one-way transformation”.
     • Transforms a message of any length and computes a fixed length string.
     • We want it to be hard to guess what the message was given only the digest.
       • Guessing is always possible.
  12. Alice’s Signature
     • Alice feeds her original message through a hash function and encrypts the message digest with A_private.
     • Bob can decrypt the message digest using A_public.
     • Bob can compute the message digest himself.
     • If the 2 message digests are identical, Bob knows Alice sent the message.
  13. Revised Scheme
     • Alice signs with A_private and encrypts using B_public.
     • Bob decrypts using B_private and checks the signature using A_public.
  14. Why the digest?
     • Alice could just encrypt her name, and then Bob could decrypt it with A_public.
     • Why wouldn’t this be sufficient?
  15. Implications
     • Suppose Alice denies she sent the message?
     • Bob can prove that only someone with Alice’s key could have produced the message.
  16. Another possible problem
     • Suppose Bill receives a message from Alice including a digital signature.
     • “meet me at the library tonight”
     • Bill sends the same message to Joe so that it looks like the message came from Alice.
     • Bill includes the digital signature from the message Alice sent to him.
     • Joe is convinced Alice sent the message!
  17. Solution?
     • Always start your messages with:
       • Dear Bill,
     • Create a digest from the encrypted message and sign that digest.
     • There are many other schemes as well.
  18. Speed
     • Secret key encryption/decryption algorithms are much faster than public key algorithms.
     • Many times a combination is used:
       • use public key cryptography to share a secret key.
       • use the secret key to encrypt the bulk of the communication.
  19. Secure Protocols
     • There are a growing number of applications for secure protocols:
       • email
       • electronic commerce
       • electronic voting
       • homework submission
  20. Secure Protocols
     • Many application protocols include the use of cryptography as part of the application level protocol.
       • The cryptographic scheme employed is part of the protocol.
       • If stronger cryptographic tools become available we need to change the protocol.
  21. SSL and TLS
     • Secure Sockets Layer (SSL) is a different approach: a new layer is added that provides a secure channel over a TCP-only link.
     • TLS is Transport Layer Security (IETF standard based on SSL).
  22. SSL layer
     • Protocol stack on each of the two hosts, top to bottom: Application, SSL, TCP, IP.
  23. Advantages of SSL/TLS
     • Independent of application layer.
     • Includes support for negotiated encryption techniques.
       • easy to add new techniques.
     • Possible to switch encryption algorithms in the middle of a session.
  24. HTTPS Usage
     • HTTPS is HTTP running over SSL.
       • used for most secure web transactions.
       • HTTPS server usually runs on port 443.
       • Includes notion of verification of server via a certificate.
       • Central trusted source of certificates.
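
The digest-and-sign scheme of slides 10 to 12, together with the questions raised on slides 14, 16 and 17, worked through as an added example (not code from the slides). It assumes a toy unpadded RSA key built from two Mersenne primes and SHA-256 as the message digest; the key, the function names and the sample messages other than Alice's note are constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key pair for Alice, constructed for this example only.
# Mersenne primes and unpadded RSA are not safe for real use; real systems
# use a vetted library with a padded signature scheme.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # A_public  = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # A_private = D

def digest(message: bytes) -> int:
    """Message digest: SHA-256 of the message as an integer (always < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Alice: transform the digest with A_private."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Bob: undo the signature with A_public, recompute the digest, compare."""
    return pow(signature, E, N) == digest(message)

def name_only_verify(message: bytes, signature: int) -> bool:
    """Slide 14 strawman: the signature covers only the name 'Alice'.
    The message is never looked at, so the check cannot bind to it."""
    return pow(signature, E, N) == digest(b"Alice")

def accept(recipient: str, message: bytes, signature: int) -> bool:
    """Slide 17 rule: the signed text must open with 'Dear <recipient>,'."""
    return verify(message, signature) and message.startswith(
        f"Dear {recipient},".encode())

if __name__ == "__main__":
    note = b"meet me at the library tonight"
    sig = sign(note)
    print("genuine note verifies:       ", verify(note, sig))
    print("altered note verifies:       ", verify(b"meet me at the bank tonight", sig))
    # Slide 16: the signature is valid for anyone who receives a copy.
    print("copy forwarded to Joe:       ", verify(note, sig))
    name_sig = sign(b"Alice")
    print("name-only sig, any message:  ", name_only_verify(b"send money", name_sig))
    addressed = b"Dear Bill, " + note
    a_sig = sign(addressed)
    print("Bill accepts addressed note: ", accept("Bill", addressed, a_sig))
    print("Joe accepts forwarded copy:  ", accept("Joe", addressed, a_sig))
```

The name-only signature passes for any message body, which is why the signature has to cover a digest of the message itself; naming the recipient inside the signed text is what lets Joe reject a copy that was addressed to Bill.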
