SlideShare a Scribd company logo

aacyberessential3cryptography-131067585699078884.pptx

Download as PPTX, PDF
I
ImXaib

Crypto

Education
1 of 36
Introduction to Symmetric and Asymmetric Cryptography
Objectives  Motivate the needs for cryptography  Explain the role of cryptography in everyday use  Symmetric Cryptography:  Describe the main concept  Analyse some examples  Discuss strength and limitations  Asymmetric Cryptography  Describe the main concept  Analyse some examples  Discuss strength and limitations  Questions.
Why Use Cryptography?  To communicate secret information when other people (eavesdroppers) are listening.  When attacker has access to the raw bits representing the information  Mitigation: Data encryption Cryptographic techniques
The Cast of Characters  Alice and Bob are “honest” players.  Eve and Malory are adversaries (intruders)  Eve ”eavesdropper”, is a passive intruder. Sniffs messages at will  Malory is an active “intruder”. Aims to view, alter, delete and inject messages into the network
 Problem: Alice and Bob would like to exchange messages over a public network (such as Internet) in such a way that information contents are not revealed to anyone but the intended recipient.  Solution: Data Encryption + clever Cryptography Confidentiality 6 Confidentiality Alice Bob Malory Eve
Confidentiality 7 How does it work?  Two functions are needed:
Example  encoder function is next letter in the alphabet  decoder function is … “attack at midnight” Confidentiality 7 “buubdl bu njeojhiu” “buubdl bu njeojhiu” “attack at midnight”
Encryption and Decryption  Encoding the contents of the message (the plaintext) in such a way that hides its contents from outsiders is called encryption.  The process of retrieving the plaintext from the cipher-text is called decryption.  Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key. “attack at midnight” “buubdl bu njeojhiu” - plaintext Confidentiality 8 - ciphertext
The Encryption Process Aim: to hide a message content by making it Confidentiality 9 unreadable Plaintext Scrambling data Ciphertext: unreadable version Key
11 Encryption and Decryption  The encryption and decryption functions take a key as an additional input. Confidentiality
12 Shared Keys  In a symmetric cryptosystem the encryption key and the decryption key are identical.  A longer key implies stronger encryption. Confidentiality
Symmetric Cryptosystems Use the same key (the secret key) to encrypt and decrypt a message
Symmetric Encryption Encryption Algorithm Shared Key Decryption Algorithm Alice Bob Sender and recipient Must both know the key. This is a weakness! Confidentiality 13
Symmetric XOR Cipher  P encrypts to C with key K and C decrypts P to with same key K. P 0 1 1 0 1 0 0 1 0 K 1 0 0 1 1 0 0 1 0 ✚ = C 1 1 1 1 0 0 0 0 0 = ✚ P 0 1 1 0 1 0 0 1 0 K 1 0 0 1 1 0 0 1 0 Plain Key Cipher Confidentiality 14
One Time Pad Confidentiality 15  The perfect encryption  Pad: perfectly random list of letters Use each letter exactly once to encrypt one letter of message and to decrypt the one letter of message Discard each letter once used (hence, pad) Method: Add the message letter and the key letter Mod 26. This is reversible like XOR.  The message can never, ever, be found (unless you have the pad).
Example –one time pad  P encrypts to C with key K and C decrypts P to with same key K. P a t t a c k a t K a l i a b d a l ✚ = C b f c a d m d b f = ✚ P a t t a c k a t K a l i a b d a l Plain Key Cipher Confidentiality 16
Confidentiality 18 Symmetric Encryption 1. Agree on a Shared Key Alice would like to send a confidential file to Bob PASSWORD IS GREEN! 2. Encrypt using Shared Key CJG5%jARGONS8* %K23##hsgdfey9 826. CJG5%jARGONS8* %K23##hsgdfey9 826. 3. Email file 4. Decrypt using Shared Key PASSWORD IS GREEN!
Emailing an encrypted message Alice wants to send a confidential message to Bob CREDIT CARD CODE IS 5206
Confidentiality 20 Symmetric Encryption 1. Agree on a Shared Key CREDIT CARD CODE IS 5206 2. Encrypt using Shared Key CJG5%jARGONS8* %K23##hsgdfey9 826. CJG5%jARGONS8* %K23##hsgdfey9 826. 3. Email file 4. Decrypt using Shared Key CREDIT CARD CODE IS 5206
1.Data Encryption Standard (DES)  Developed in the 1970s; made a standard by the US government, was adopted by several other governments worldwide and was widely used in the financial industry until 2004.  Block cipher with 64-bit block size.  Uses 56-bit keys: Strong enough to keep most random hackers and individuals out, but it is easily breakable with special hardware.  A variant of DES, Triple-DES or 3DES is based on using DES three times (normally in an encrypt-decrypt-encrypt sequence with three different, unrelated keys). Many people consider Triple-DES to be much safer than plain DES. Confidentiality 20 Symmetric Cryptosystems
 Current standard.  DES was perceived as breakable in mid 2000.  AES was a stronger replacement to DES. Confidentiality 21 Advanced Encryption Standard (AES)
2. RC2, RC4 and RC5 (RSA Data Security, Inc.)  Variable-length keys as long as 2048 bits  Algorithms using 40-bits or less are used in browsers to satisfy export constraints  The algorithm is very fast. Its security is unknown, but breaking it seems challenging. Because of its speed, it may have uses in certain applications. 3. IDEA (International Data Encryption Algorithm)  Developed at ETH Zurich in Switzerland.  Uses a 128 bit key, and it is generally considered to be very secure.  Patented in the United States and in most of the European countries. The patent is held by Ascom-Tech. Non-commercial use of IDEA is free. Commercial licenses can be obtained by contacting idea@ascom.ch.  Used in email encryption software such as PGP and RSA Confidentiality 22 Symmetric Cryptosystems (2)
4. Blowfish  Developed by Bruce Schneider.  Block cipher with 64-bit block size and variable length keys (up to 448 bits). It has gained a fair amount of acceptance in a number of applications. No attacks are known against it.  Blowfish is used in a number of popular software packages, including Nautilus and PGPfone. 5. SAFER  Developed by J. L. Massey (one of the developers of IDEA). It is claimed to provide secure encryption with fast software implementation even on 8-bit processors.  Two variants are available, one for 64 bit keys and the other for 128 bit keys. An implementation is in ftp:// ftp.funet.fi/pub/crypt/cryptography/symmetric/safer. Confidentiality 23 Symmetric Cryptosystems (3)
Limitations Confidentiality 24  Parties that have not previously met cannot communicate securely  Many people need to communicate with a server (many-to-one communications)  cannot keep server key secret for long  Once the secret key is compromised, the security of all subsequent messages is suspect and a new key has to be generated  Authentication service must know private key  privacy implications---someone else knows your key  two possible points of attack  changing authentication service requires a new key  Digital signatures are difficult  Crossrealm authentication  accessing services outside the domain or realm of your authentication server is problematic  requires agreement and trust between authentication services  introduces another potential point of attack
 Private or symmetric key systems rely on symmetric encryption algorithms where information encrypted with a key K can only be decrypted with K.  Secret key is exchanged via some other secure means (hand-delivery, over secured lines, pre-established convention).  Time to crack known symmetric encryption algorithms Confidentiality 25 L KEY H ENGT SPEND $$THOUSANDS SPEND $$MILLIONS SPEND $100 MILLION 40 bits seconds < 1 second < .01 second 56 bits hours minutes 1 second 64 bits days hours minutes 80 bits years months days 128 bits > million years > million years > centuries Analysis
Symmetric Cryptosystems Problems Confidentiality 26  How to transport the secret key from the sender to the recipient securely and in a tamperproof fashion?  If you could send the secret key securely, then, in theory, you wouldn't need the symmetric cryptosystem in the first place -- because you would simply use that secure channel to send your message.  Frequently, trusted couriers are used as a solution to this problem.
Asymmetric Cryptosystems In asymmetric-key cryptography, users do not need to know a symmetric shared key; everyone • shields a private key and • advertises a public key
29  Alice and Bob don’t already share a key and can’t meet to do so. How can they make their future communications confidential?  The main protocol we study is the celebrated Diffie-Hellmann Key Exchange (DHKE) protocol. Key Agreement
Diffie-Hellman Key Exchange Idea Alice Bob 1/3 key is public Two keys are the same: it doesn’t matter if x if filled first or y. Bob fills up another 1/3 of key using his part (y) and sends the mix to Alice g g g g g g Alice fills up another 1/3 of key using her part (x) and sends the mix to Bob x y y x y x Alice completes the key by adding her secret part (x) Bob completes the key by adding his secret part (y)
An alternative interpretation  Alice & Bob each think of a secret color (known only to them)  They mix their color with yellow (agreed upon openly ahead of time) and exchange.  They mix their color with what they’ve received.  Both have the same color but observer cannot duplicate. Alice Bob
A 32 Asymmetric Encryption Encryption Algorithm Decryption Algorithm Alice Sender knows public key Recipient knows private key. B B B Bob B
Bob 33 Signing and verification Signing Algorithm Verification Algorithm Alice Sender knows private key Recipient knows public key. A A A A
Properties Confidentiality 33  These algorithms are based on computationally intensive problems such as finding the prime factors of large numbers. Longer the length of the key pair, the more time it takes to crack the private key Keys used in today’s internet will take millions of years to crack using today’s technologies
Slow … Confidentiality 34  Public key cryptosystems are slow, really slow! three orders of magnitude (1000 times) slower than AES mainly used as key exchange tool  Scientists are supposed to be real “smart” and love to solve difficult problems but even they hope to never solve factoring if you can find a quick solution, fame, dollars and danger lurk!
Problems Confidentiality 35  Keys are usually very long and encryption is expensive  RSA encryption is a 1000 times slower than typical symmetric algorithms  hard to remember secret key - where do you store it?  typically only used for authentication, then a random key and a symmetric encryption algorithm is used for subsequent communication  Multicast is problematic  Better to authenticate using public key algorithm, then use random key with symmetric algorithm  How do you know you have the right public key for a principal?  Public key is usually distributed as a document ``signed'' by a well known and trusted certification authority (e.g. Verisign). This is called a certificate. How do you determine if signature is upto date? What if the key has been compromised?
Analysis Confidentiality 36  Private (Symmetric) key: + encryption is fast  identity is not easily portable across authentication services  secret key must be held by server + good for structured, organizational security  Public (Asymmetric) key:  encryption is slow + identity is inherently portable + secret key need not ever be revealed + provides digital signatures + good for individuals in loosely structured networks

Recommended

Crypt
CryptCrypt
CryptMir Majid
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
SurendraBasnet6
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographySarthak Patel
 
Crypt
CryptCrypt
Cryptsachincrazy
 
36_Cryptography.pdf
36_Cryptography.pdf36_Cryptography.pdf
36_Cryptography.pdf
ssuserfb92ae
 
Network Security
Network SecurityNetwork Security
Network Security
hj43us
 
Security pre
Security preSecurity pre
Security pre
missstevenson01
 
ET4045-2-cryptography-2
ET4045-2-cryptography-2ET4045-2-cryptography-2
ET4045-2-cryptography-2
Tutun Juhana
 

Recommended

Crypt
CryptCrypt
CryptMir Majid
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
SurendraBasnet6
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographySarthak Patel
 
Crypt
CryptCrypt
Cryptsachincrazy
 
36_Cryptography.pdf
36_Cryptography.pdf36_Cryptography.pdf
36_Cryptography.pdf
ssuserfb92ae
 
Network Security
Network SecurityNetwork Security
Network Security
hj43us
 
Security pre
Security preSecurity pre
Security pre
missstevenson01
 
ET4045-2-cryptography-2
ET4045-2-cryptography-2ET4045-2-cryptography-2
ET4045-2-cryptography-2
Tutun Juhana
 
Data encryption
Data encryptionData encryption
Data encryption
Balvant Biradar
 
Itt project
Itt projectItt project
Itt project
Harish Kumar
 
amer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.pptamer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.ppt
navidkamrava
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
Cryptography intro
Cryptography introCryptography intro
Cryptography introismaelhaider
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneSecurityTube.Net
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
ukd789555
 
What is Encryption
What is EncryptionWhat is Encryption
What is EncryptionIsrael Marcus
 
Criptography
CriptographyCriptography
Criptography
Sajan Sahu
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
Saif Kassim
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG Encryption
Tanner Lovelace
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
Kai Koenig
 
Cryptography by gaurav singh
Cryptography by gaurav singhCryptography by gaurav singh
Cryptography by gaurav singh
Gaurav Singh
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829a
jsk1950
 
b
bb
bBalaji Ravi
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
jibonjibon5
 
Encryption
EncryptionEncryption
EncryptionVijay Kumar
 
Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Sri Prasanna
 
ERD introduction in databases model.pptx
ERD introduction in databases model.pptxERD introduction in databases model.pptx
ERD introduction in databases model.pptx
ImXaib
 
SDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxSDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptx
ImXaib
 

More Related Content

Similar to aacyberessential3cryptography-131067585699078884.pptx

Data encryption
Data encryptionData encryption
Data encryption
Balvant Biradar
 
Itt project
Itt projectItt project
Itt project
Harish Kumar
 
amer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.pptamer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.ppt
navidkamrava
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
Cryptography intro
Cryptography introCryptography intro
Cryptography introismaelhaider
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneSecurityTube.Net
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
ukd789555
 
Criptography
CriptographyCriptography
Criptography
Sajan Sahu
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
Saif Kassim
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG Encryption
Tanner Lovelace
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
Kai Koenig
 
Cryptography by gaurav singh
Cryptography by gaurav singhCryptography by gaurav singh
Cryptography by gaurav singh
Gaurav Singh
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829a
jsk1950
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
jibonjibon5
 
Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Sri Prasanna
 

Similar to aacyberessential3cryptography-131067585699078884.pptx (20)

Data encryption
Data encryptionData encryption
Data encryption
 
Itt project
Itt projectItt project
Itt project
 
amer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.pptamer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.ppt
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
 
Cryptography intro
Cryptography introCryptography intro
Cryptography intro
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryption
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
 
What is Encryption
What is EncryptionWhat is Encryption
What is Encryption
 
Criptography
CriptographyCriptography
Criptography
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
 
OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG Encryption
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
 
Cryptography by gaurav singh
Cryptography by gaurav singhCryptography by gaurav singh
Cryptography by gaurav singh
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829a
 
b
bb
b
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
 
Encryption
EncryptionEncryption
Encryption
 
Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Secure Communication (Distributed computing)
Secure Communication (Distributed computing)
 

More from ImXaib

ERD introduction in databases model.pptx
ERD introduction in databases model.pptxERD introduction in databases model.pptx
ERD introduction in databases model.pptx
ImXaib
 
SDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxSDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptx
ImXaib
 
terminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptxterminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptx
ImXaib
 
What is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptxWhat is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptx
ImXaib
 
Grid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTXGrid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTX
ImXaib
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
ImXaib
 
4966709.ppt
4966709.ppt4966709.ppt
4966709.ppt
ImXaib
 
lecture2.ppt
lecture2.pptlecture2.ppt
lecture2.ppt
ImXaib
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptx
ImXaib
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
ImXaib
 
ch12.ppt
ch12.pptch12.ppt
ch12.ppt
ImXaib
 
Fullandparavirtualization.ppt
Fullandparavirtualization.pptFullandparavirtualization.ppt
Fullandparavirtualization.ppt
ImXaib
 
mis9_ch08_ppt.ppt
mis9_ch08_ppt.pptmis9_ch08_ppt.ppt
mis9_ch08_ppt.ppt
ImXaib
 
rooster-ipsecindepth.ppt
rooster-ipsecindepth.pptrooster-ipsecindepth.ppt
rooster-ipsecindepth.ppt
ImXaib
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
ImXaib
 
Database schema architecture.ppt
Database schema architecture.pptDatabase schema architecture.ppt
Database schema architecture.ppt
ImXaib
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Trends in DM.pptx
Trends in DM.pptxTrends in DM.pptx
Trends in DM.pptx
ImXaib
 
AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.ppt
ImXaib
 
dm15-visualization-data-mining.ppt
dm15-visualization-data-mining.pptdm15-visualization-data-mining.ppt
dm15-visualization-data-mining.ppt
ImXaib
 

More from ImXaib (20)

ERD introduction in databases model.pptx
ERD introduction in databases model.pptxERD introduction in databases model.pptx
ERD introduction in databases model.pptx
 
SDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxSDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptx
 
terminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptxterminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptx
 
What is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptxWhat is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptx
 
Grid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTXGrid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTX
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
4966709.ppt
4966709.ppt4966709.ppt
4966709.ppt
 
lecture2.ppt
lecture2.pptlecture2.ppt
lecture2.ppt
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptx
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
 
ch12.ppt
ch12.pptch12.ppt
ch12.ppt
 
Fullandparavirtualization.ppt
Fullandparavirtualization.pptFullandparavirtualization.ppt
Fullandparavirtualization.ppt
 
mis9_ch08_ppt.ppt
mis9_ch08_ppt.pptmis9_ch08_ppt.ppt
mis9_ch08_ppt.ppt
 
rooster-ipsecindepth.ppt
rooster-ipsecindepth.pptrooster-ipsecindepth.ppt
rooster-ipsecindepth.ppt
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Database schema architecture.ppt
Database schema architecture.pptDatabase schema architecture.ppt
Database schema architecture.ppt
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
Trends in DM.pptx
Trends in DM.pptxTrends in DM.pptx
Trends in DM.pptx
 
AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.ppt
 
dm15-visualization-data-mining.ppt
dm15-visualization-data-mining.pptdm15-visualization-data-mining.ppt
dm15-visualization-data-mining.ppt
 

Recently uploaded

Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
Nguyen Thanh Tu Collection
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
GeoBlogs
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 

Recently uploaded (20)

Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 

aacyberessential3cryptography-131067585699078884.pptx

  • 1. Introduction to Symmetric and Asymmetric Cryptography
  • 2. Objectives  Motivate the needs for cryptography  Explain the role of cryptography in everyday use  Symmetric Cryptography:  Describe the main concept  Analyse some examples  Discuss strength and limitations  Asymmetric Cryptography  Describe the main concept  Analyse some examples  Discuss strength and limitations  Questions.
  • 3. Why Use Cryptography?  To communicate secret information when other people (eavesdroppers) are listening.  When attacker has access to the raw bits representing the information  Mitigation: Data encryption Cryptographic techniques
  • 4. The Cast of Characters  Alice and Bob are “honest” players.  Eve and Malory are adversaries (intruders)  Eve ”eavesdropper”, is a passive intruder. Sniffs messages at will  Malory is an active “intruder”. Aims to view, alter, delete and inject messages into the network
  • 5.  Problem: Alice and Bob would like to exchange messages over a public network (such as Internet) in such a way that information contents are not revealed to anyone but the intended recipient.  Solution: Data Encryption + clever Cryptography Confidentiality 6 Confidentiality Alice Bob Malory Eve
  • 6. Confidentiality 7 How does it work?  Two functions are needed:
  • 7. Example  encoder function is next letter in the alphabet  decoder function is … “attack at midnight” Confidentiality 7 “buubdl bu njeojhiu” “buubdl bu njeojhiu” “attack at midnight”
  • 8. Encryption and Decryption  Encoding the contents of the message (the plaintext) in such a way that hides its contents from outsiders is called encryption.  The process of retrieving the plaintext from the cipher-text is called decryption.  Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key. “attack at midnight” “buubdl bu njeojhiu” - plaintext Confidentiality 8 - ciphertext
  • 9. The Encryption Process Aim: to hide a message content by making it Confidentiality 9 unreadable Plaintext Scrambling data Ciphertext: unreadable version Key
  • 10. 11 Encryption and Decryption  The encryption and decryption functions take a key as an additional input. Confidentiality
  • 11. 12 Shared Keys  In a symmetric cryptosystem the encryption key and the decryption key are identical.  A longer key implies stronger encryption. Confidentiality
  • 12. Symmetric Cryptosystems Use the same key (the secret key) to encrypt and decrypt a message
  • 13. Symmetric Encryption Encryption Algorithm Shared Key Decryption Algorithm Alice Bob Sender and recipient Must both know the key. This is a weakness! Confidentiality 13
  • 14. Symmetric XOR Cipher  P encrypts to C with key K and C decrypts P to with same key K. P 0 1 1 0 1 0 0 1 0 K 1 0 0 1 1 0 0 1 0 ✚ = C 1 1 1 1 0 0 0 0 0 = ✚ P 0 1 1 0 1 0 0 1 0 K 1 0 0 1 1 0 0 1 0 Plain Key Cipher Confidentiality 14
  • 15. One Time Pad Confidentiality 15  The perfect encryption  Pad: perfectly random list of letters Use each letter exactly once to encrypt one letter of message and to decrypt the one letter of message Discard each letter once used (hence, pad) Method: Add the message letter and the key letter Mod 26. This is reversible like XOR.  The message can never, ever, be found (unless you have the pad).
  • 16. Example –one time pad  P encrypts to C with key K and C decrypts P to with same key K. P a t t a c k a t K a l i a b d a l ✚ = C b f c a d m d b f = ✚ P a t t a c k a t K a l i a b d a l Plain Key Cipher Confidentiality 16
  • 17. Confidentiality 18 Symmetric Encryption 1. Agree on a Shared Key Alice would like to send a confidential file to Bob PASSWORD IS GREEN! 2. Encrypt using Shared Key CJG5%jARGONS8* %K23##hsgdfey9 826. CJG5%jARGONS8* %K23##hsgdfey9 826. 3. Email file 4. Decrypt using Shared Key PASSWORD IS GREEN!
  • 18. Emailing an encrypted message Alice wants to send a confidential message to Bob CREDIT CARD CODE IS 5206
  • 19. Confidentiality 20 Symmetric Encryption 1. Agree on a Shared Key CREDIT CARD CODE IS 5206 2. Encrypt using Shared Key CJG5%jARGONS8* %K23##hsgdfey9 826. CJG5%jARGONS8* %K23##hsgdfey9 826. 3. Email file 4. Decrypt using Shared Key CREDIT CARD CODE IS 5206
  • 20. 1.Data Encryption Standard (DES)  Developed in the 1970s; made a standard by the US government, was adopted by several other governments worldwide and was widely used in the financial industry until 2004.  Block cipher with 64-bit block size.  Uses 56-bit keys: Strong enough to keep most random hackers and individuals out, but it is easily breakable with special hardware.  A variant of DES, Triple-DES or 3DES is based on using DES three times (normally in an encrypt-decrypt-encrypt sequence with three different, unrelated keys). Many people consider Triple-DES to be much safer than plain DES. Confidentiality 20 Symmetric Cryptosystems
  • 21.  Current standard.  DES was perceived as breakable in mid 2000.  AES was a stronger replacement to DES. Confidentiality 21 Advanced Encryption Standard (AES)
  • 22. 2. RC2, RC4 and RC5 (RSA Data Security, Inc.)  Variable-length keys as long as 2048 bits  Algorithms using 40-bits or less are used in browsers to satisfy export constraints  The algorithm is very fast. Its security is unknown, but breaking it seems challenging. Because of its speed, it may have uses in certain applications. 3. IDEA (International Data Encryption Algorithm)  Developed at ETH Zurich in Switzerland.  Uses a 128 bit key, and it is generally considered to be very secure.  Patented in the United States and in most of the European countries. The patent is held by Ascom-Tech. Non-commercial use of IDEA is free. Commercial licenses can be obtained by contacting idea@ascom.ch.  Used in email encryption software such as PGP and RSA Confidentiality 22 Symmetric Cryptosystems (2)
  • 23. 4. Blowfish  Developed by Bruce Schneider.  Block cipher with 64-bit block size and variable length keys (up to 448 bits). It has gained a fair amount of acceptance in a number of applications. No attacks are known against it.  Blowfish is used in a number of popular software packages, including Nautilus and PGPfone. 5. SAFER  Developed by J. L. Massey (one of the developers of IDEA). It is claimed to provide secure encryption with fast software implementation even on 8-bit processors.  Two variants are available, one for 64 bit keys and the other for 128 bit keys. An implementation is in ftp:// ftp.funet.fi/pub/crypt/cryptography/symmetric/safer. Confidentiality 23 Symmetric Cryptosystems (3)
  • 24. Limitations Confidentiality 24  Parties that have not previously met cannot communicate securely  Many people need to communicate with a server (many-to-one communications)  cannot keep server key secret for long  Once the secret key is compromised, the security of all subsequent messages is suspect and a new key has to be generated  Authentication service must know private key  privacy implications---someone else knows your key  two possible points of attack  changing authentication service requires a new key  Digital signatures are difficult  Crossrealm authentication  accessing services outside the domain or realm of your authentication server is problematic  requires agreement and trust between authentication services  introduces another potential point of attack
  • 25.  Private or symmetric key systems rely on symmetric encryption algorithms where information encrypted with a key K can only be decrypted with K.  Secret key is exchanged via some other secure means (hand-delivery, over secured lines, pre-established convention).  Time to crack known symmetric encryption algorithms Confidentiality 25 L KEY H ENGT SPEND $$THOUSANDS SPEND $$MILLIONS SPEND $100 MILLION 40 bits seconds < 1 second < .01 second 56 bits hours minutes 1 second 64 bits days hours minutes 80 bits years months days 128 bits > million years > million years > centuries Analysis
  • 26. Symmetric Cryptosystems Problems Confidentiality 26  How to transport the secret key from the sender to the recipient securely and in a tamperproof fashion?  If you could send the secret key securely, then, in theory, you wouldn't need the symmetric cryptosystem in the first place -- because you would simply use that secure channel to send your message.  Frequently, trusted couriers are used as a solution to this problem.
  • 27. Asymmetric Cryptosystems In asymmetric-key cryptography, users do not need to know a symmetric shared key; everyone • shields a private key and • advertises a public key
  • 28. 29  Alice and Bob don’t already share a key and can’t meet to do so. How can they make their future communications confidential?  The main protocol we study is the celebrated Diffie-Hellmann Key Exchange (DHKE) protocol. Key Agreement
  • 29. Diffie-Hellman Key Exchange Idea Alice Bob 1/3 key is public Two keys are the same: it doesn’t matter if x if filled first or y. Bob fills up another 1/3 of key using his part (y) and sends the mix to Alice g g g g g g Alice fills up another 1/3 of key using her part (x) and sends the mix to Bob x y y x y x Alice completes the key by adding her secret part (x) Bob completes the key by adding his secret part (y)
  • 30. An alternative interpretation  Alice & Bob each think of a secret color (known only to them)  They mix their color with yellow (agreed upon openly ahead of time) and exchange.  They mix their color with what they’ve received.  Both have the same color but observer cannot duplicate. Alice Bob
  • 31. A 32 Asymmetric Encryption Encryption Algorithm Decryption Algorithm Alice Sender knows public key Recipient knows private key. B B B Bob B
  • 32. Bob 33 Signing and verification Signing Algorithm Verification Algorithm Alice Sender knows private key Recipient knows public key. A A A A
  • 33. Properties Confidentiality 33  These algorithms are based on computationally intensive problems such as finding the prime factors of large numbers. Longer the length of the key pair, the more time it takes to crack the private key Keys used in today’s internet will take millions of years to crack using today’s technologies
  • 34. Slow … Confidentiality 34  Public key cryptosystems are slow, really slow! three orders of magnitude (1000 times) slower than AES mainly used as key exchange tool  Scientists are supposed to be real “smart” and love to solve difficult problems but even they hope to never solve factoring if you can find a quick solution, fame, dollars and danger lurk!
  • 35. Problems Confidentiality 35  Keys are usually very long and encryption is expensive  RSA encryption is a 1000 times slower than typical symmetric algorithms  hard to remember secret key - where do you store it?  typically only used for authentication, then a random key and a symmetric encryption algorithm is used for subsequent communication  Multicast is problematic  Better to authenticate using public key algorithm, then use random key with symmetric algorithm  How do you know you have the right public key for a principal?  Public key is usually distributed as a document ``signed'' by a well known and trusted certification authority (e.g. Verisign). This is called a certificate. How do you determine if signature is upto date? What if the key has been compromised?
  • 36. Analysis Confidentiality 36  Private (Symmetric) key: + encryption is fast  identity is not easily portable across authentication services  secret key must be held by server + good for structured, organizational security  Public (Asymmetric) key:  encryption is slow + identity is inherently portable + secret key need not ever be revealed + provides digital signatures + good for individuals in loosely structured networks