SlideShare a Scribd company logo

Basic Cryptography unit 4 CSS

Download as PPTX, PDF
SURBHI SAROHA
SURBHI SAROHA

Public key cryptography,RSA public key cryto.........

Education
1 of 35
Ms SURBHI SAROHA
 Public key cryptography  RSA public key crypto  Digital signature  Hash functions  Public key distribution  Real world protocols  Basic terminologies  Email security certificates  Transport Layer securityTLS  IP security  DNS security
 Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.  The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions.  Effective security only requires keeping the private key private;  the public key can be openly distributed without compromising security.
 In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.  This allows, for instance, a server to generate a cryptographic key intended for symmetric-key cryptography, then use a client's openly- shared public key to encrypt that newly-generated symmetric key.  Now, the server can send this encrypted symmetric key on insecure channels to the client, and only the client can decrypt it using the client's private key pair to the public key used by the server to encrypt this message.  With the client and server both having the same symmetric key now, they can safely transition to symmetric key encryption to securely communicate back and forth on otherwise-insecure channels.  This has the advantage of not having to manually pre-share symmetric keys, while also gaining the higher data throughput advantage of symmetric-key cryptography over asymmetric key cryptography.
 With public-key cryptography, robust authentication is also possible.  A sender can combine a message with a private key to create a short digital signature on the message.  Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key.
 RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission.  It is also one of the oldest.The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.  An equivalent system was developed secretly, in 1973 at GCHQ (the British signals intelligence agency), by the English mathematician Clifford Cocks.That system was declassified in 1997.
 In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private).  An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value.  The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers.
 The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the "factoring problem".  Breaking RSA encryption is known as the RSA problem.  Whether it is as difficult as the factoring problem is an open question.  There are no published methods to defeat the system if a large enough key is used.  RSA is a relatively slow algorithm. Because of this, it is not commonly used to directly encrypt user data.  More often, RSA is used to transmit shared keys for symmetric key cryptography, which are then used for bulk encryption-decryption.
 A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.  A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.  A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
 A hash function is any function that can be used to map data of arbitrary size to fixed-size values.  The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.  Hash functions are extremely useful and appear in almost all information security applications.  A hash function is a mathematical function that converts a numerical input value into another compressed numerical value.  The input to the hash function is of arbitrary length but output is always of fixed length.
 Public key can be distributed in 4 ways:  Public announcement,  Publicly available directory,  Public-key authority, and  Public-key certificates.  These are explained as following below.  Public Announcement: Here the public key is broadcasted to everyone.  Major weakness of this method is forgery.  Anyone can create a key claiming to be someone else and broadcast it.  Until forgery is discovered can masquerade as claimed user.
 Publicly Available Directory: In this type, the public key is stored at a public directory.  Directories are trusted here, with properties like Participant Registration, access and allow to modify values at any time, contains entries like {name, public-key}.  Directories can be accessed electronically still vulnerable to forgery or tampering.
 Public Key Authority: It is similar to the directory but, improve security by tightening control over distribution of keys from directory.  It requires users to know public key for the directory.  Whenever the keys are needed, a real-time access to directory is made by the user to obtain any desired public key securely.
 Public Certification: This time authority provides a certificate (which binds identity to the public key) to allow key exchange without real-time access to the public authority each time.  The certificate is accompanied with some other info such as period of validity, rights of use etc.  All of this content is signed by the trusted Public-Key or Certificate Authority (CA) and it can be verified by anyone possessing the authority’s public-key.
 The typical cryptographic protocols include the Secure Socket Layer Protocol (SSL) and its variant,Transport Layer Security Protocol (TLS), the Internet Key Exchange Protocol (IKE) and the Kerberos Authentication Protocol.  A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.  A protocol describes how the algorithms should be used.  A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program  For example,Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTPS) connections.  It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public- key cryptography; and an application-level data transport function.  These three aspects have important interconnections.  StandardTLS does not have non-repudiation support.
 Asymmetric Algorithm An algorithm in which the key used for encryption is different from that used for decryption. Also known as public key cryptography.Block Cipher An algorithm that encrypts data in blocks, commonly of 64 bits each.  CAST A 64-bit block cipher, developed in Canada by CarlisleAdams and StaffordTavares.  Cipher A cryptographic algorithm, i.e. a mathematical function used for encryption and decryption.  Clipper Originally the name for a tamper-resistant encryption chip designed by the U.S. National Security Agency for voice encryption.The chip has built-in key escrow features to facilitate wire-tapping.The term has subsequently been applied to further attempts by the US government to introduce key escrow provisions, the latest variation being the key recovery plan of October 1996, dubbed Clipper 4.
 DES Digital Encryption Standard. A symmetric block cipher using a 56-bit key which was originally developed by the US National Institute of Standards and Technology (NIST) in 1977 as a standard encryption algorithm. In 1999, the Electronic Frontier Foundation (USA) developed a machine to demonstrate that DES could be broken in a few hours with a brute-force attack. Encryption using single DES is generally no longer considered to be secure. (SeeTriple DES)  Diffie-Hellman A public-key algorithm, invented in 1976.  DH/DSS A type of key used in PGP since version 5.0. Contains a Diffie-Hellman key of between 1024 and 4096 bits for encryption and a 1024-bit DSS key for digital signatures.  DSS Digital Signature Standard. A proposed standard for digital signatures using Digital Signature Algorithm.  Digital Signature An encrypted message digest which is appended to a plaintext or encrypted message to verify the identity of the sender. The signature is encrypted with the user's private key and can only be decrypted with the corresponding public key.The same key pairs may be used for signature and encryption purposes but separate key pairs for each purpose are usually recommended.
 IDEA International Data Encryption Algorithm. It was introduced in 1992 as a potential alternative to DES and is regarded as very secure. It is a block cipher using a symmetric algorithm based on a 128 bit key. IDEA is the data encryption algorithm used in PGP.  Key A value that is used to encrypt or decrypt a message.  Key Escrow A concept that originated with the Clipper Chip program, by which a secret or private key is split and the two parts held by escrow agencies against the possibility that the key may be required for law enforcement surveillance or national security purposes.  Key Recovery A key escrow system which relies on a trusted party to recover a user's confidential keys for use by law enforcement or national security agencies acting under "proper authority".The trusted recovery party might in some cases be internal to the user's organization, but in all cases notice to surveillance targets that their key information had been released would be prohibited. Key recovery is central to the US government's new encryption policy announced in October 1996.  PGP A complete public-key cryptosystem for electronic messaging that has been released to the public domain. It was originally designed by Phil Zimmerman. It uses IDEA, CAST orTriple DES for actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public key is used to encrypt the IDEA secret key as part of the message.
 PKAF Public Key Authentication Framework. A system for authenticating digital signatures based on a hierarchy of trusted signatures.  Private Key The secret part of a a private key/public key pair used in public key cryptography. The Private Key is normally known only to the key owner. Messages are encrypted using the Public Key and decrypted using the Private Key. For digital signatures, however, a document is signed with a Private Key and authenticated with the corresponding Public Key.  Public Key Cryptography A concept first proposed by Diffie and Hellman in 1975 that has been largely responsible for opening up the science of cryptography for commercial use.The encryption key is made public but only the person who holds the corresponding private key can decrypt the message.  RSA The best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman. RSA uses public and private keys that are functions of a pair of large prime numbers.The algorithm is best known for its application in PGP. It is patented in the USA only.  Steganography A method of hiding a secret message in another message, e.g. within a graphic image.  Symmetric Algorithm An encryption algorithm where the encryption key is the same as the decryption key, or where one key is easily calculated from the other.The sender and receiver have to agree on a key before they can communicate securely.  Triple DES A method of vastly increasing the security of DES by encrypting 3 times with different keys.
 An email certificate is a digital file that is installed to your email application to enable secure email communication.  These certificates are known by many names — email security certificates, email encryption certificates, S/MIME certificates, etc. S/MIME, which stands for “secure/multipurpose internet mail extension,” is a certificate that allows users to digitally sign their email communications as well as encrypt the content and attachments included in them.  Not only does this authenticate the identity of the sender to the recipient, but it also protects the integrity of the email data before it is transmitted across the internet.
 In a nutshell, an S/MIME email certificate allows you to:  Encrypt your emails so that only your intended recipient can access the content of the message.  Digitally sign your emails so the recipient can verify that the email was, in fact, sent by you and not a phisher posing as you.  The way that an email encryption certificate works is by using asymmetric encryption.  It uses a public key to encrypt the email and send it so that the recipient, who has the matching private key, can decrypt the entire message (and any attachments) automatically.  Asymmetric encryption is also what’s behind the SSL/TLS protocol as well as cryptocurrencies.
 Transport Layer Security, and its now- deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network.  Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP.
 Transport Layer Security, orTLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.  A primary use case ofTLS is encrypting the communication between web applications and servers, such as web browsers loading a website.  TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).  In this article we will focus on the role ofTLS in web application security.  TLS was proposed by the Internet EngineeringTask Force (IETF), an international standards organization, and the first version of the protocol was published in 1999.  The most recent version isTLS 1.3, which was published in 2018.
 In computing, Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.  It is used in virtual private networks.  The IP security (IPSec) is an Internet EngineeringTask Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality.  It also defines the encrypted, decrypted and authenticated packets.
 IPsec can be used to do the following things:  To encrypt application layer data.  To provide security for routers sending routing data across the public internet.  To provide authentication without encryption, like to authenticate that the data originates from a known sender.  To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with aVirtual Private Network(VPN) connection.
 DNSSEC stands for Domain Name System Security Extensions, and it is a technology used to protect information on the Domain Name System (DNS) which is used on IP networks.  It provides authentication for the origin of the DNS data, helping to safeguard against attacks and protect data integrity.
 Like many Internet protocols, the DNS system was not designed with security in mind and contains several design limitations.  These limitations, combined with advances in technology, have made it easy for attackers to hijack a DNS lookup for malicious purposes, such as sending a user to a fraudulent website that can distribute malware or collect personal information.  DNS Security Extensions (DNSSEC) is a security protocol created to mitigate this problem.  DNSSEC protects against attacks by digitally signing data to help ensure its validity.  In order to ensure a secure lookup, the signing must happen at every level in the DNS lookup process.
 This signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person.  These digital signatures ensure that data has not been tampered with.  DNSSEC implements a hierarchical digital signing policy across all layers of DNS.  For example, in the case of a ‘google.com’ lookup, a root DNS server would sign a key for the .COM nameserver, and the .COM nameserver would then sign a key for google.com’s authoritative nameserver.
 While improved security is always preferred, DNSSEC is designed to be backwards-compatible to ensure that traditional DNS lookups still resolve correctly, albeit without the added security.  DNSSEC is meant to work with other security measures like SSL/TLS as part of a holistic Internet security strategy.  DNSSEC creates a parent-child train of trust that travels all the way up to the root zone.  This chain of trust cannot be compromised at any layer of DNS, or else the request will become open to an on-path attack.
Basic Cryptography unit 4 CSS

Recommended

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
cryptography
cryptographycryptography
cryptographyAbhijeet Singh
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography pptOECLIB Odisha Electronics Control Library
 
Cryptography
CryptographyCryptography
Cryptographysubodh pawar
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Cryptography
CryptographyCryptography
CryptographyShivanand Arur
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithmComputer_ at_home
 

Recommended

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
cryptography
cryptographycryptography
cryptographyAbhijeet Singh
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography pptOECLIB Odisha Electronics Control Library
 
Cryptography
CryptographyCryptography
Cryptographysubodh pawar
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Cryptography
CryptographyCryptography
CryptographyShivanand Arur
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithmComputer_ at_home
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
Hash Function
Hash FunctionHash Function
Hash Functionstalin rijal
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
Email security
Email securityEmail security
Email securityMohammed Hilal
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Cryptography
CryptographyCryptography
CryptographyIGZ Software house
 
Cryptography
CryptographyCryptography
Cryptographyjayashri kolekar
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
Data encryption
Data encryptionData encryption
Data encryptionBalvant Biradar
 
Chapter 08
Chapter 08Chapter 08
Chapter 08cclay3
 

More Related Content

What's hot

Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 

What's hot (20)

Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4
 
Web Security
Web SecurityWeb Security
Web Security
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
 
Key management
Key managementKey management
Key management
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signature
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture Notes
 
Email security
Email securityEmail security
Email security
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 

Similar to Basic Cryptography unit 4 CSS

Chapter 08
Chapter 08Chapter 08
Chapter 08cclay3
 
Cryptography
CryptographyCryptography
CryptographyJasim Jas
 
Enhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modulesEnhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modulesMurali Krishna
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography Durgesh Malviya
 
Review on variants of Security aware AODV
Review on variants of Security aware AODVReview on variants of Security aware AODV
Review on variants of Security aware AODVijsrd.com
 
PresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdfPresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdfVAIBHAVCHAKRAWARTI
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneSecurityTube.Net
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comphanleson
 

Similar to Basic Cryptography unit 4 CSS (20)

Data encryption
Data encryptionData encryption
Data encryption
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Enhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modulesEnhancing lan using cryptography and other modules
Enhancing lan using cryptography and other modules
 
s117
s117s117
s117
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
 
Encryption
EncryptionEncryption
Encryption
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
Cryptography
CryptographyCryptography
Cryptography
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptography
 
Review on variants of Security aware AODV
Review on variants of Security aware AODVReview on variants of Security aware AODV
Review on variants of Security aware AODV
 
Unit 7 : Network Security
Unit 7 : Network SecurityUnit 7 : Network Security
Unit 7 : Network Security
 
Data encryption algorithm(edit)
Data encryption algorithm(edit)Data encryption algorithm(edit)
Data encryption algorithm(edit)
 
PresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdfPresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdf
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
 

More from SURBHI SAROHA

Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2SURBHI SAROHA
 
Management Information System(Unit 2).pptx
Management Information System(Unit 2).pptxManagement Information System(Unit 2).pptx
Management Information System(Unit 2).pptxSURBHI SAROHA
 
Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)SURBHI SAROHA
 
Management Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptxManagement Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptxSURBHI SAROHA
 
Introduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxIntroduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxSURBHI SAROHA
 
Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)SURBHI SAROHA
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)SURBHI SAROHA
 
Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1SURBHI SAROHA
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)SURBHI SAROHA
 

More from SURBHI SAROHA (20)

Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2Cloud Computing (Infrastructure as a Service)UNIT 2
Cloud Computing (Infrastructure as a Service)UNIT 2
 
Management Information System(Unit 2).pptx
Management Information System(Unit 2).pptxManagement Information System(Unit 2).pptx
Management Information System(Unit 2).pptx
 
Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)Searching in Data Structure(Linear search and Binary search)
Searching in Data Structure(Linear search and Binary search)
 
Management Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptxManagement Information System(UNIT 1).pptx
Management Information System(UNIT 1).pptx
 
Introduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptxIntroduction to Cloud Computing(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptx
 
JAVA (UNIT 5)
JAVA (UNIT 5)JAVA (UNIT 5)
JAVA (UNIT 5)
 
DBMS (UNIT 5)
DBMS (UNIT 5)DBMS (UNIT 5)
DBMS (UNIT 5)
 
DBMS UNIT 4
DBMS UNIT 4DBMS UNIT 4
DBMS UNIT 4
 
JAVA(UNIT 4)
JAVA(UNIT 4)JAVA(UNIT 4)
JAVA(UNIT 4)
 
OOPs & C++(UNIT 5)
OOPs & C++(UNIT 5)OOPs & C++(UNIT 5)
OOPs & C++(UNIT 5)
 
OOPS & C++(UNIT 4)
OOPS & C++(UNIT 4)OOPS & C++(UNIT 4)
OOPS & C++(UNIT 4)
 
DBMS UNIT 3
DBMS UNIT 3DBMS UNIT 3
DBMS UNIT 3
 
JAVA (UNIT 3)
JAVA (UNIT 3)JAVA (UNIT 3)
JAVA (UNIT 3)
 
Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)Keys in dbms(UNIT 2)
Keys in dbms(UNIT 2)
 
DBMS (UNIT 2)
DBMS (UNIT 2)DBMS (UNIT 2)
DBMS (UNIT 2)
 
JAVA UNIT 2
JAVA UNIT 2JAVA UNIT 2
JAVA UNIT 2
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)
 
Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1Object-Oriented Programming with Java UNIT 1
Object-Oriented Programming with Java UNIT 1
 
Database Management System(UNIT 1)
Database Management System(UNIT 1)Database Management System(UNIT 1)
Database Management System(UNIT 1)
 
OOPs & C++ UNIT 3
OOPs & C++ UNIT 3OOPs & C++ UNIT 3
OOPs & C++ UNIT 3
 

Recently uploaded

Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 

Recently uploaded (20)

Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 

Basic Cryptography unit 4 CSS

  • 2.  Public key cryptography  RSA public key crypto  Digital signature  Hash functions  Public key distribution  Real world protocols  Basic terminologies  Email security certificates  Transport Layer securityTLS  IP security  DNS security
  • 3.  Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.  The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions.  Effective security only requires keeping the private key private;  the public key can be openly distributed without compromising security.
  • 4.  In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.  This allows, for instance, a server to generate a cryptographic key intended for symmetric-key cryptography, then use a client's openly- shared public key to encrypt that newly-generated symmetric key.  Now, the server can send this encrypted symmetric key on insecure channels to the client, and only the client can decrypt it using the client's private key pair to the public key used by the server to encrypt this message.  With the client and server both having the same symmetric key now, they can safely transition to symmetric key encryption to securely communicate back and forth on otherwise-insecure channels.  This has the advantage of not having to manually pre-share symmetric keys, while also gaining the higher data throughput advantage of symmetric-key cryptography over asymmetric key cryptography.
  • 5.  With public-key cryptography, robust authentication is also possible.  A sender can combine a message with a private key to create a short digital signature on the message.  Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key.
  • 6.
  • 7.
  • 8.  RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission.  It is also one of the oldest.The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.  An equivalent system was developed secretly, in 1973 at GCHQ (the British signals intelligence agency), by the English mathematician Clifford Cocks.That system was declassified in 1997.
  • 9.  In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private).  An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value.  The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers.
  • 10.  The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the "factoring problem".  Breaking RSA encryption is known as the RSA problem.  Whether it is as difficult as the factoring problem is an open question.  There are no published methods to defeat the system if a large enough key is used.  RSA is a relatively slow algorithm. Because of this, it is not commonly used to directly encrypt user data.  More often, RSA is used to transmit shared keys for symmetric key cryptography, which are then used for bulk encryption-decryption.
  • 11.  A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.  A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.  A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
  • 12.
  • 13.  A hash function is any function that can be used to map data of arbitrary size to fixed-size values.  The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.  Hash functions are extremely useful and appear in almost all information security applications.  A hash function is a mathematical function that converts a numerical input value into another compressed numerical value.  The input to the hash function is of arbitrary length but output is always of fixed length.
  • 14.
  • 15.  Public key can be distributed in 4 ways:  Public announcement,  Publicly available directory,  Public-key authority, and  Public-key certificates.  These are explained as following below.  Public Announcement: Here the public key is broadcasted to everyone.  Major weakness of this method is forgery.  Anyone can create a key claiming to be someone else and broadcast it.  Until forgery is discovered can masquerade as claimed user.
  • 16.
  • 17.  Publicly Available Directory: In this type, the public key is stored at a public directory.  Directories are trusted here, with properties like Participant Registration, access and allow to modify values at any time, contains entries like {name, public-key}.  Directories can be accessed electronically still vulnerable to forgery or tampering.
  • 18.  Public Key Authority: It is similar to the directory but, improve security by tightening control over distribution of keys from directory.  It requires users to know public key for the directory.  Whenever the keys are needed, a real-time access to directory is made by the user to obtain any desired public key securely.
  • 19.  Public Certification: This time authority provides a certificate (which binds identity to the public key) to allow key exchange without real-time access to the public authority each time.  The certificate is accompanied with some other info such as period of validity, rights of use etc.  All of this content is signed by the trusted Public-Key or Certificate Authority (CA) and it can be verified by anyone possessing the authority’s public-key.
  • 20.  The typical cryptographic protocols include the Secure Socket Layer Protocol (SSL) and its variant,Transport Layer Security Protocol (TLS), the Internet Key Exchange Protocol (IKE) and the Kerberos Authentication Protocol.  A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.  A protocol describes how the algorithms should be used.  A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program  For example,Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTPS) connections.  It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public- key cryptography; and an application-level data transport function.  These three aspects have important interconnections.  StandardTLS does not have non-repudiation support.
  • 21.  Asymmetric Algorithm An algorithm in which the key used for encryption is different from that used for decryption. Also known as public key cryptography.Block Cipher An algorithm that encrypts data in blocks, commonly of 64 bits each.  CAST A 64-bit block cipher, developed in Canada by CarlisleAdams and StaffordTavares.  Cipher A cryptographic algorithm, i.e. a mathematical function used for encryption and decryption.  Clipper Originally the name for a tamper-resistant encryption chip designed by the U.S. National Security Agency for voice encryption.The chip has built-in key escrow features to facilitate wire-tapping.The term has subsequently been applied to further attempts by the US government to introduce key escrow provisions, the latest variation being the key recovery plan of October 1996, dubbed Clipper 4.
  • 22.  DES Digital Encryption Standard. A symmetric block cipher using a 56-bit key which was originally developed by the US National Institute of Standards and Technology (NIST) in 1977 as a standard encryption algorithm. In 1999, the Electronic Frontier Foundation (USA) developed a machine to demonstrate that DES could be broken in a few hours with a brute-force attack. Encryption using single DES is generally no longer considered to be secure. (SeeTriple DES)  Diffie-Hellman A public-key algorithm, invented in 1976.  DH/DSS A type of key used in PGP since version 5.0. Contains a Diffie-Hellman key of between 1024 and 4096 bits for encryption and a 1024-bit DSS key for digital signatures.  DSS Digital Signature Standard. A proposed standard for digital signatures using Digital Signature Algorithm.  Digital Signature An encrypted message digest which is appended to a plaintext or encrypted message to verify the identity of the sender. The signature is encrypted with the user's private key and can only be decrypted with the corresponding public key.The same key pairs may be used for signature and encryption purposes but separate key pairs for each purpose are usually recommended.
  • 23.  IDEA International Data Encryption Algorithm. It was introduced in 1992 as a potential alternative to DES and is regarded as very secure. It is a block cipher using a symmetric algorithm based on a 128 bit key. IDEA is the data encryption algorithm used in PGP.  Key A value that is used to encrypt or decrypt a message.  Key Escrow A concept that originated with the Clipper Chip program, by which a secret or private key is split and the two parts held by escrow agencies against the possibility that the key may be required for law enforcement surveillance or national security purposes.  Key Recovery A key escrow system which relies on a trusted party to recover a user's confidential keys for use by law enforcement or national security agencies acting under "proper authority".The trusted recovery party might in some cases be internal to the user's organization, but in all cases notice to surveillance targets that their key information had been released would be prohibited. Key recovery is central to the US government's new encryption policy announced in October 1996.  PGP A complete public-key cryptosystem for electronic messaging that has been released to the public domain. It was originally designed by Phil Zimmerman. It uses IDEA, CAST orTriple DES for actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public key is used to encrypt the IDEA secret key as part of the message.
  • 24.  PKAF Public Key Authentication Framework. A system for authenticating digital signatures based on a hierarchy of trusted signatures.  Private Key The secret part of a a private key/public key pair used in public key cryptography. The Private Key is normally known only to the key owner. Messages are encrypted using the Public Key and decrypted using the Private Key. For digital signatures, however, a document is signed with a Private Key and authenticated with the corresponding Public Key.  Public Key Cryptography A concept first proposed by Diffie and Hellman in 1975 that has been largely responsible for opening up the science of cryptography for commercial use.The encryption key is made public but only the person who holds the corresponding private key can decrypt the message.  RSA The best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman. RSA uses public and private keys that are functions of a pair of large prime numbers.The algorithm is best known for its application in PGP. It is patented in the USA only.  Steganography A method of hiding a secret message in another message, e.g. within a graphic image.  Symmetric Algorithm An encryption algorithm where the encryption key is the same as the decryption key, or where one key is easily calculated from the other.The sender and receiver have to agree on a key before they can communicate securely.  Triple DES A method of vastly increasing the security of DES by encrypting 3 times with different keys.
  • 25.  An email certificate is a digital file that is installed to your email application to enable secure email communication.  These certificates are known by many names — email security certificates, email encryption certificates, S/MIME certificates, etc. S/MIME, which stands for “secure/multipurpose internet mail extension,” is a certificate that allows users to digitally sign their email communications as well as encrypt the content and attachments included in them.  Not only does this authenticate the identity of the sender to the recipient, but it also protects the integrity of the email data before it is transmitted across the internet.
  • 26.  In a nutshell, an S/MIME email certificate allows you to:  Encrypt your emails so that only your intended recipient can access the content of the message.  Digitally sign your emails so the recipient can verify that the email was, in fact, sent by you and not a phisher posing as you.  The way that an email encryption certificate works is by using asymmetric encryption.  It uses a public key to encrypt the email and send it so that the recipient, who has the matching private key, can decrypt the entire message (and any attachments) automatically.  Asymmetric encryption is also what’s behind the SSL/TLS protocol as well as cryptocurrencies.
  • 27.  Transport Layer Security, and its now- deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network.  Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP.
  • 28.  Transport Layer Security, orTLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.  A primary use case ofTLS is encrypting the communication between web applications and servers, such as web browsers loading a website.  TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).  In this article we will focus on the role ofTLS in web application security.  TLS was proposed by the Internet EngineeringTask Force (IETF), an international standards organization, and the first version of the protocol was published in 1999.  The most recent version isTLS 1.3, which was published in 2018.
  • 29.  In computing, Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.  It is used in virtual private networks.  The IP security (IPSec) is an Internet EngineeringTask Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality.  It also defines the encrypted, decrypted and authenticated packets.
  • 30.  IPsec can be used to do the following things:  To encrypt application layer data.  To provide security for routers sending routing data across the public internet.  To provide authentication without encryption, like to authenticate that the data originates from a known sender.  To protect network data by setting up circuits using IPsec tunneling in which all data is being sent between the two endpoints is encrypted, as with aVirtual Private Network(VPN) connection.
  • 31.  DNSSEC stands for Domain Name System Security Extensions, and it is a technology used to protect information on the Domain Name System (DNS) which is used on IP networks.  It provides authentication for the origin of the DNS data, helping to safeguard against attacks and protect data integrity.
  • 32.  Like many Internet protocols, the DNS system was not designed with security in mind and contains several design limitations.  These limitations, combined with advances in technology, have made it easy for attackers to hijack a DNS lookup for malicious purposes, such as sending a user to a fraudulent website that can distribute malware or collect personal information.  DNS Security Extensions (DNSSEC) is a security protocol created to mitigate this problem.  DNSSEC protects against attacks by digitally signing data to help ensure its validity.  In order to ensure a secure lookup, the signing must happen at every level in the DNS lookup process.
  • 33.  This signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person.  These digital signatures ensure that data has not been tampered with.  DNSSEC implements a hierarchical digital signing policy across all layers of DNS.  For example, in the case of a ‘google.com’ lookup, a root DNS server would sign a key for the .COM nameserver, and the .COM nameserver would then sign a key for google.com’s authoritative nameserver.
  • 34.  While improved security is always preferred, DNSSEC is designed to be backwards-compatible to ensure that traditional DNS lookups still resolve correctly, albeit without the added security.  DNSSEC is meant to work with other security measures like SSL/TLS as part of a holistic Internet security strategy.  DNSSEC creates a parent-child train of trust that travels all the way up to the root zone.  This chain of trust cannot be compromised at any layer of DNS, or else the request will become open to an on-path attack.