This chapter discusses cryptographic tools used for encryption and authentication. Symmetric encryption uses a shared secret key to encrypt and decrypt messages, providing confidentiality. Public key encryption uses different public and private keys, allowing users to securely communicate and authenticate digitally. Secure hash functions and digital signatures provide message integrity and authentication without encryption. Random numbers are also important for generating keys and initializing encryption algorithms.
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
Securing Text Messages Application Using MEDZatulNadia
Implementing hybrid security algorithm in securing data.
-Introduction
-Problem statement
-Objective
-Process model
-Public key cryptosystem
-Data model
-Proposed model
-Encryption and decryption process
-Proof of concept
* netbeans 8.1 *xampp *database
*java programming language
-Expected results
*performance for key generation, encryption and decryption
*graph
-References
Project consists of individual modules of encryption and decryption units. Standard T-DES algorithm is implemented. Presently working on to integrate DES with AES to develop stronger crypto algorithm and test the same against Side Channel Attacks and compare different algorithms.
Unit 1
Information System Security
(According RTU Syllabus)
1-Introduction to security attacks Services and mechanism
2-Classical encryption techniques
3-Cryptanalysis, stream and block ciphers
4- Modern Block Ciphers: Block ciphers principals
5- Shannon’s theory of confusion and diffusion
6- Fiestal structure
7- Data encryption standard(DES)
8- Differential and linear cryptanalysis of DES
9- Block cipher modes of operations.
10- Triple Data Encryption Standard (Triple-DES)
“Proposed Model for Network Security Issues Using Elliptical Curve Cryptography”IOSR Journals
Abstract: Elliptic Curve Cryptography (ECC) plays an important role in today’s public key based security
systems. . ECC is a faster and more secure method of encryption as compared to other Public Key
Cryptographic algorithms. This paper focuses on the performance advantages of using ECC in the wireless
network. So in this paper its algorithm has been implemented and analyzed for various bit length inputs. The
Private key is known only to sender and receiver and hence data transmission is secure.
Advanced Encryption Standard, Multiple Encryption and Triple DES, Block Cipher Modes of
operation, Stream Ciphers and RC4, Confidentiality using Symmetric Encryption, Introduction
to Number Theory: Prime Numbers, Fermat’s and Euler’s Theorems, Testing for Primality, The
Chinese Remainder Theorem, Discrete Logarithms, Public-Key Cryptography and RSA
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Securing Text Messages Application Using MEDZatulNadia
Implementing hybrid security algorithm in securing data.
-Introduction
-Problem statement
-Objective
-Process model
-Public key cryptosystem
-Data model
-Proposed model
-Encryption and decryption process
-Proof of concept
* netbeans 8.1 *xampp *database
*java programming language
-Expected results
*performance for key generation, encryption and decryption
*graph
-References
Project consists of individual modules of encryption and decryption units. Standard T-DES algorithm is implemented. Presently working on to integrate DES with AES to develop stronger crypto algorithm and test the same against Side Channel Attacks and compare different algorithms.
Unit 1
Information System Security
(According RTU Syllabus)
1-Introduction to security attacks Services and mechanism
2-Classical encryption techniques
3-Cryptanalysis, stream and block ciphers
4- Modern Block Ciphers: Block ciphers principals
5- Shannon’s theory of confusion and diffusion
6- Fiestal structure
7- Data encryption standard(DES)
8- Differential and linear cryptanalysis of DES
9- Block cipher modes of operations.
10- Triple Data Encryption Standard (Triple-DES)
“Proposed Model for Network Security Issues Using Elliptical Curve Cryptography”IOSR Journals
Abstract: Elliptic Curve Cryptography (ECC) plays an important role in today’s public key based security
systems. . ECC is a faster and more secure method of encryption as compared to other Public Key
Cryptographic algorithms. This paper focuses on the performance advantages of using ECC in the wireless
network. So in this paper its algorithm has been implemented and analyzed for various bit length inputs. The
Private key is known only to sender and receiver and hence data transmission is secure.
Advanced Encryption Standard, Multiple Encryption and Triple DES, Block Cipher Modes of
operation, Stream Ciphers and RC4, Confidentiality using Symmetric Encryption, Introduction
to Number Theory: Prime Numbers, Fermat’s and Euler’s Theorems, Testing for Primality, The
Chinese Remainder Theorem, Discrete Logarithms, Public-Key Cryptography and RSA
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
3. Symmetric Encryption
• The universal technique for providing confidentiality for
transmitted or stored data
• Also referred to as conventional encryption or single-key
encryption
• Two requirements for secure use:
• Need a strong encryption algorithm
• Sender and receiver must have obtained copies
of the secret key in a secure fashion and must
keep the key secure
4. Plaintext
input
Y = E[K, X] X = D[K, Y]
X
K K
Transmitted
ciphertext
Plaintext
output
Secret key shared by
sender and recipient
Secret key shared by
sender and recipient
Encryption algorithm
(e.g., DES)
Decryption algorithm
(reverse of encryption
algorithm)
Figure 2.1 Simplified Model of Symmetric Encryption
5. Attacking Symmetric
Encryption
Cryptanalytic Attacks Brute-Force Attacks
Rely on:
Nature of the algorithm
Some knowledge of the general
characteristics of the plaintext
Some sample plaintext-ciphertext
pairs
Exploits the characteristics of the
algorithm to attempt to deduce a
specific plaintext or the key being
used
If successful all future and past
messages encrypted with that
key are compromised
Try all possible keys on some
ciphertext until an intelligible
translation into plaintext is
obtained
On average half of all possible
keys must be tried to achieve
success
6. Table 2.1
Comparison of Three Popular Symmetric
Encryption Algorithms
DES Triple DES AES
Plaintext block size (bits) 64 64 128
Ciphertext block size (bits) 64 64 128
Key size (bits) 56 112 or 168 128, 192, or 256
DES = Data Encryption Standard
AES = Advanced Encryption Standard
7. Data Encryption Standard
(DES)
• Until recently was the most widely used
encryption scheme
• FIPS PUB 46
• Referred to as the Data Encryption
Algorithm (DEA)
• Uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block
Strength concerns:
• Concerns about the algorithm itself
• DES is the most studied encryption
algorithm in existence
• Concerns about the use of a 56-bit key
• The speed of commercial off-the-shelf processors
makes this key length woefully inadequate
8. Table 2.2
Average Time Required for Exhaustive Key Search
Key size
(bits) Cipher
Number of
Alternative
Keys
Time Required at 109
decryptions/s
Time Required
at 1013
decryptions/s
56 DES 256 ≈ 7.2 ´ 1016 255 ns = 1.125 years 1 hour
128
AES
2128 ≈ 3.4 ´ 1038 2127 ns = 5.3 ´ 1021
years
5.3 ´ 1017 years
168
Triple DES
2168 ≈ 3.7 ´ 1050 2167 ns = 5.8 ´ 1033
years
5.8 ´ 1029 years
192 AES 2192 ≈ 6.3 ´ 1057 2191 ns = 9.8 ´ 1040
years
9.8 ´ 1036 years
256 AES 2256 ≈ 1.2 ´ 1077 2255 ns = 1.8 ´ 1060
years
1.8 ´ 1056 years
9. Triple DES (3DES)
Repeats basic DES algorithm three times using either two
or three unique keys
First standardized for use in financial applications in ANSI
standard X9.17 in 1985
Attractions:
168-bit key length overcomes the vulnerability to brute-force
attack of DES
Underlying encryption algorithm is the same as in DES
Drawbacks:
Algorithm is sluggish in software
Uses a 64-bit block size
10. Advanced Encryption
Standard (AES)
Needed a
replacement for
3DES
3DES was not
reasonable for
long term use
NIST called for
proposals for a
new AES in 1997
Should have a security
strength equal to or
better than 3DES
Significantly improved
efficiency
Symmetric block
cipher
128 bit data and
128/192/256 bit keys
Selected
Rijndael in
November 2001
Published as
FIPS 197
11. Typically symmetric encryption is applied to a unit of data
larger than a single 64-bit or 128-bit block
Electronic codebook (ECB) mode is the simplest
approach to multiple-block encryption
Each block of plaintext is encrypted using the same key
Cryptanalysts may be able to exploit regularities in the plaintext
Modes of operation
Alternative techniques developed to increase the security of
symmetric block encryption for large sequences
Overcomes the weaknesses of ECB
12. Encrypt
Encryption
K
Figure 2.2 Types of Symmetric Encryption
b
b
b
b
P1
C1
P2
C2
b
b
Pn
Cn
Encrypt
K Encrypt
K
Decrypt
Decryption K
b
b
b
b
C1
P1
C2
P2
b
b
Cn
Pn
Decrypt
(a) Block cipher encryption (electronic codebook mode)
(b) Stream encryption
K Decrypt
K
Pseudorandom byte
generator
(key stream generator)
Plaintext
byte stream
M
Key
K
Key
K
k k
Plaintext
byte stream
M
Ciphertext
byte stream
C
ENCRYPTION
Pseudorandom byte
generator
(key stream generator)
DECRYPTION
k
13. Block & Stream Ciphers
• Processes the input one block of elements at a time
• Produces an output block for each input block
• Can reuse keys
• More common
Block Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster and
use far less code
• Encrypts plaintext one byte at a time
• Pseudorandom stream is one that is unpredictable without
knowledge of the input key
Stream Cipher
14. Message Authentication
Protects against
active attacks
Verifies received
message is
authentic
Can use
conventional
encryption
• Contents have not been
altered
• From authentic source
• Timely and in correct
sequence
• Only sender and receiver
share a key
15. Message Authentication
Without Confidentiality
• Message encryption by itself does not provide a secure form
of authentication
• It is possible to combine authentication and confidentiality in a
single algorithm by encrypting a message plus its
authentication tag
• Typically message authentication is provided as a separate
function from message encryption
• Situations in which message authentication without
confidentiality may be preferable include:
• There are a number of applications in which the same message is broadcast to a
number of destinations
• An exchange in which one side has a heavy load and cannot afford the time to
decrypt all incoming messages
• Authentication of a computer program in plaintext is an attractive service
• Thus, there is a place for both authentication and encryption
in meeting security requirements
18. Message
Message
Message
K
E
K
(a) Using symmetric encryption
Compare
D
H
H
H
H
H
Message
Message
Message
PRa
E
PUa
(b) Using public-key encryption
Compare
D
Message
Message
Message
(c) Using secret value
Compare
K
K
K
K
Source A Destination B
Figure 2.5 Message Authentication Using a One-Way Hash Function.
H
19. To be useful for message
authentication, a hash function H must have the
following properties:
Can be applied to a block of data of any size
Produces a fixed-length output
H(x) is relatively easy to compute for any given x
One-way or pre-image resistant
•Computationally infeasible to find x such that H(x) = h
Computationally infeasible to find y ≠ x such that H(y) = H(x)
Collision resistant or strong collision resistance
•Computationally infeasible to find any pair (x,y) such that H(x) = H(y)
20. Security of Hash Functions
There are two
approaches to
attacking a secure hash
function:
Cryptanalysis
• Exploit logical
weaknesses in the
algorithm
Brute-force attack
• Strength of hash
function depends solely
on the length of the
hash code produced by
the algorithm
SHA most widely used
hash algorithm
Additional secure hash
function applications:
Passwords
• Hash of a password is
stored by an operating
system
Intrusion detection
• Store H(F) for each file
on a system and secure
the hash values
21. Publicly
proposed by
Diffie and
Hellman in
1976
Based on
mathematical
functions
Asymmetric
•Uses two
separate keys
•Public key
and private
key
•Public key is
made public
for others to
use
Some form of
protocol is
needed for
distribution
22. Plaintext
Readable message or data that is fed into the algorithm as input
Encryption algorithm
Performs transformations on the plaintext
Public and private key
Pair of keys, one for encryption, one for decryption
Ciphertext
Scrambled message produced as output
Decryption key
Produces the original plaintext
23. User encrypts data using his or her own
private key
Anyone who knows the corresponding
public key will be able to decrypt the
message
Mike Bob
(a) Encryption with public key
Plaintext
input
Transmitted
ciphertext
Plaintext
output
Encryption algorithm
(e.g., RSA)
Decryption algorithm
Bob's private
key
Bob
Bob's public
key
Alice's
public key
ring
Joy
Ted
(b) Encryption with private key
X
PUb
PRb
Y = E[PRb, X]
X =
D[PUb, Y]
Figure 2.6 Public-Key Cryptography
Alice
Bob Alice
24. Algorithm Digital Signature Symmetric Key
Distribution
Encryption of
Secret Keys
RSA Yes Yes Yes
Diffie-Hellman No Yes No
DSS Yes No No
Elliptic Curve Yes Yes Yes
Table 2.3
Applications for Public-Key Cryptosystems
25. Computationally easy
to create key pairs
Computationally
easy for sender
knowing public key
to encrypt messages
Computationally
easy for receiver
knowing private key
to decrypt ciphertext
Computationally
infeasible for
opponent to determine
private key from public
key
Computationally
infeasible for
opponent to
otherwise recover
original message
Useful if either key
can be used for each
role
26. RSA (Rivest,
Shamir,
Adleman)
Developed in 1977
Most widely accepted and
implemented approach to
public-key encryption
Block cipher in which the
plaintext and ciphertext are
integers between 0 and n-1
for some n.
Diffie-Hellman
key exchange
algorithm
Enables two users to
securely reach agreement
about a shared secret that
can be used as a secret key
for subsequent symmetric
encryption of messages
Limited to the exchange of
the keys
Digital
Signature
Standard (DSS)
Provides only a digital
signature function with
SHA-1
Cannot be used for
encryption or key exchange
Elliptic curve
cryptography
(ECC)
Security like RSA, but with
much smaller keys
27. Digital Signatures
NIST FIPS PUB 186-4 defines a digital signature as:
”The result of a cryptographic transformation of data that,
when properly implemented, provides a mechanism for
verifying origin authentication, data integrity and signatory
non-repudiation.”
Thus, a digital signature is a data-dependent bit pattern, generated
by an agent as a function of a file, message, or other form of data
block
FIPS 186-4 specifies the use of one of three digital signature
algorithms:
Digital Signature Algorithm (DSA)
RSA Digital Signature Algorithm
Elliptic Curve Digital Signature Algorithm (ECDSA)
28. Figure 2.7 Simplified Depiction of Essential
Elements of Digital Signature Process
Bob Alice
Cryptographic
hash
function
h
Cryptographic
hash
function
h
Bob’s
private
key
Digital
signature
generation
algorithm
Bob’s
signature
for M
(a) Bob signs a message (b) Alice verifies the signature
Bob’s
public
key
Digital
signature
verification
algorithm
Return
signature valid
or not valid
Message M S
Message M
S
Message M
29. Unsigned certificate:
contains user ID,
user's public key,
as well as information
concerning the CA
Signed certificate
Figure 2.8 Public-Key Certificate Use
Generate hash
code of unsigned
certificate
Generate hash code
of certificate not
including signature
Generate digital signature
using CA's private key
H
H
Bob's ID
information
CA
information
Bob's public key
SG SV
Verify digital signature
using CA's public key
Return signature
valid or not valid
Use certificate to
verify Bob's public key
Create signed
digital certificate
31. Random
Numbers
Keys for public-key
algorithms
Stream key for symmetric
stream cipher
Symmetric key for use as a
temporary session key or in
creating a digital envelope
Handshaking to prevent
replay attacks
Session key
Uses include
generation of:
32. Random Number
Requirements
Randomness Unpredictability
Criteria:
Uniform distribution
Frequency of occurrence of
each of the numbers should
be approximately the same
Independence
No one value in the sequence
can be inferred from the
others
Each number is statistically
independent of other
numbers in the sequence
Opponent should not be
able to predict future
elements of the sequence
on the basis of earlier
elements
33. Random versus
Pseudorandom
Cryptographic applications typically make use of
algorithmic techniques for random number generation
•Algorithms are deterministic and therefore produce sequences of numbers
that are not statistically random
Pseudorandom numbers are:
•Sequences produced that satisfy statistical randomness tests
•Likely to be predictable
True random number generator (TRNG):
•Uses a nondeterministic source to produce randomness
•Most operate by measuring unpredictable natural processes
•e.g. radiation, gas discharge, leaky capacitors
•Increasingly provided on modern processors
34. Practical Application:
Encryption of Stored Data
Common to encrypt transmitted data
Much less common for stored data
There is often little protection
beyond domain
authentication and operating
system access controls
Data are archived for indefinite
periods
Even though erased, until
disk sectors are reused data
are recoverable
Approaches to encrypt stored data:
Use a commercially
available encryption
package
Back-end appliance
Library based tape
encryption
Background laptop/PC
data encryption
35. Summary
• Public-key encryption
Structure
Applications for public-key
cryptosystems
Requirements for public-key
cryptography
Asymmetric encryption algorithms
• Digital signatures and key
management
Digital signature
Public-key certificates
Symmetric key exchange using
public-key encryption
Digital envelopes
• Practical Application:
Encryption of Stored Data
• Confidentiality with
symmetric encryption
Symmetric encryption
Symmetric block encryption
algorithms
Stream ciphers
• Message authentication
and hash functions
Authentication using symmetric
encryption
Message authentication without
message encryption
Secure hash functions
Other applications of hash functions
• Random and
pseudorandom numbers
The use of random numbers
Random versus pseudorandom