SlideShare a Scribd company logo

IS413 Topic 5.pptx

Download as PPTX, PDF
W
WarrenPhiri4

The document provides an overview of public key encryption and related concepts. It discusses how public key encryption uses key pairs (public and private keys) to securely encrypt and decrypt messages. The main public key encryption algorithms covered are RSA, ElGamal, and elliptic curve cryptography. The document also discusses hash functions and their uses in message integrity and digital signatures. Common hashing algorithms like SHA, MD2, MD4, and MD5 are explained. The use of encryption for network security is covered, including IPsec, ISAKMP, and wireless security protocols like WEP and WPA/WPA2. Finally, various types of cryptographic attacks are defined.

1 of 28
IS413 Topic 5 ~ Public Key Encryption Warren Phiri
Introduction • Asymmetric key algorithms, also known as public key algorithms, provide a solution to the weaknesses of symmetric key encryption. • In these systems, each user has two keys: a public key, which is shared with all users, and a private key, which is kept secret and known only to the user. • But here’s a twist: opposite and related keys must be used in tandem to encrypt and decrypt. In other words, if the public key encrypts a message, then only the corresponding private key can decrypt it, and vice versa.
Public and Private Keys • Public key cryptosystems rely on pairs of keys assigned to each user of the cryptosystem. • Every user maintains both a public key and a private key. As the names imply, public key cryptosystem users make their public keys freely available to anyone with whom they want to communicate. • The mere possession of the public key by third parties does not introduce any weaknesses into the cryptosystem. • The private key, on the other hand, is reserved for the sole use of the individual who owns the keys. • It is never shared with any other cryptosystem user.
Public and Private Keys Cont. • Once the sender encrypts the message with the recipient’s public key, no user (including the sender) can decrypt that message without knowing the recipient’s private key (the second half of the public-private key pair used to generate the message). • This is the beauty of public key cryptography—public keys can be freely shared using unsecured communications and then used to create secure communications channels between users previously unknown to each other. • Public key cryptography entails a higher degree of computational complexity. • Keys used within public key systems must be longer than those used in private key systems to produce cryptosystems of equivalent strengths. • The following slides discuss the different public key cryptosystems
RSA • The most famous public key cryptosystem is named after its creators. • In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman proposed the RSA public key algorithm that remains a worldwide standard today. • The RSA algorithm depends on the computational difficulty inherent in factoring large prime numbers. • Each user of the cryptosystem generates a pair of public and private keys using the algorithm (refer to text for a detailed example)
El Gamal • In the last topic (4), we looked at how the Diffie-Hellman (DH) algorithm uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure communications channels. • In 1985, Dr. T. El Gamal published an article describing how the mathematical principles behind the DH key exchange algorithm could be extended to support an entire public key cryptosystem used for encrypting and decrypting messages. • At the time of its release, the major advantage of El Gamal over the RSA algorithm was that it was released into the public domain. Dr. El Gamal did not obtain a patent on his extension of DH, and it is freely available for use • The major disadvantage of the algorithm is that it doubles the length of any message it encrypts which is not ideal when encrypting long messages or data that will be transmitted over low bandwidth
Elliptic Curve • Also in 1985, two mathematicians, Neal Koblitz from the University of Washington and Victor Miller from IBM, independently proposed the application of elliptic curve cryptography (ECC) theory to develop secure cryptographic systems. • The mathematical concepts behind elliptic curve cryptography are quite complex and well beyond the scope of this course.
Hash Functions • Hash functions have a very simple purpose—they take a potentially long message and generate a unique output value derived from the content of the message. • This value is commonly referred to as the message digest. • Message digests can be generated by the sender of a message and transmitted to the recipient along with the full message for two reasons. i. The recipient can use the same hash function to re-compute the message digest from the full message. If the message digests do not match, that means the message was somehow modified while in transit. ii. The message digest can be used to implement a digital signature algorithm. More on digital signatures late in the topic
Hash Functions Cont. • According to RSA Security, there are five basic requirements for a cryptographic hash function: i. The input can be of any length. ii. The output has a fixed length. iii. The hash function is relatively easy to compute for any input. iv. The hash function is one-way (meaning that it is extremely hard to determine the input when provided with the output) v. The hash function is collision free (meaning that it is extremely hard to find two messages that produce the same hash value).
Common Hashing Algorithms: SHA • The Secure Hash Algorithm (SHA) and its successors, SHA-1 and SHA-2, are government standard hash functions developed by the National Institute of Standards and Technology (NIST) • SHA-1 takes an input of virtually any length and produces a 160-bit message digest. • The SHA-1 algorithm processes a message in 512-bit blocks, if the message length is not a multiple of 512, additional data is padded until the length reaches the next highest multiple of 512. • Recent cryptanalytic attacks demonstrated that there are weaknesses in the SHA-1 algorithm and led to the creation of SHA-2 • SHA-2 algorithms are considered secure, but they theoretically suffer from the same weakness as the SHA-1 algorithm
Common Hashing Algorithms: MD2 • The Message Digest 2 (MD2) hash algorithm was developed by Ronald Rivest (of RSA) in 1989 to provide a secure hash function for 8-bit processors. • MD2 pads the message so that its length is a multiple of 16 bytes. It then computes a 16-byte checksum and appends it to the end of the message. A 128-bit message digest is then generated by using the entire original message along with the appended checksum. • Cryptanalytic attacks exist against the MD2 algorithm. If the checksum is not appended to the message before digest computation, collisions may occur. • It was later proven that MD2 is not a one-way function. Therefore, it should no longer be used
Common Hashing Algorithms: MD4 • In 1990, Rivest enhanced his message digest algorithm to support 32-bit processors and increase the level of security known as MD4. • It first pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits. • The MD4 algorithm then processes 512-bit blocks of the message in three rounds of computation. The final output is a 128-bit message digest. • There are several papers documenting flaws in the full version of MD4 as well as improperly implemented versions of MD4. • It was found that a modern PC could be used to find collisions for MD4 message digests in less than one minute. For this reason, MD4 is no longer considered to be a secure hashing algorithm, and its use should be avoided if at all possible.
Common Hashing Algorithms: MD5 • In 1991, Rivest released the next version of his message digest algorithm, which he called MD5. • It also processes 512-bit blocks of the message, but it uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits). • MD5 implements additional security features that reduce the speed of message digest production significantly. • Unfortunately, recent cryptanalytic attacks demonstrated that the MD5 protocol is subject to collisions, preventing its use for ensuring message integrity. • In 2005, it was found that it is possible to create two digital certificates from different public keys that have the same MD5 hash.
Digital Signatures • Once you have chosen a cryptographically sound hashing algorithm, you can use it to implement a digital signature system. Digital signature infrastructures have two distinct goals: i. Digitally signed messages assure the recipient that the message truly came from the claimed sender. They enforce nonrepudiation ii. Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient. This protects against both malicious modification and unintentional modification • Digital signature algorithms rely on a combination of the two major concepts already covered in this topic—public key cryptography and hashing functions.
HMAC • The Hashed Message Authentication Code (HMAC) algorithm implements a partial digital signature—it guarantees the integrity of a message during transmission, but it does not provide for nonrepudiation. • HMAC can be combined with any standard message digest generation algorithm, such as SHA-2, by using a shared secret key. This means, only communicating parties who know the key can generate or verify the digital signature. • Because HMAC relies on a shared secret key, it does not provide any nonrepudiation functionality. However, it operates in a more efficient manner than the digital signature standard (next slide) for applications in which symmetric key cryptography is appropriate.
Digital Signature Standard • The National Institute of Standards and Technology specifies the digital signature algorithms acceptable for federal government use in Federal Information Processing Standard (FIPS) 186-4, also known as the Digital Signature Standard (DSS) which emphasizes that all federally approved digital signature algorithms must use the SHA-2 hashing functions. • DSS also specifies the encryption algorithms that can be used to support a digital signature infrastructure. There are three currently approved standard encryption algorithms: i. The Digital Signature Algorithm (DSA) ii. The Rivest, Shamir, Adleman (RSA) algorithm iii. The Elliptic Curve DSA (ECDSA)
Network Security Through Encryption • When it comes to encryption, one of the main issues that security practitioners are concerned with is the use of cryptographic algorithms to provide secure networking services. • The following slides will look at some of the providing Network Security using encryption
Circuit Encryption • Security administrators use two types of encryption techniques to protect data traveling over networks: i. Link encryption protects entire communications circuits by creating a secure tunnel between two points using either a hardware solution or a software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the other end of the tunnel. ii. End-to-end encryption protects communications between two parties (for example, a client and a server) and is performed independently of link encryption. An example of end-to-end encryption would be the use of TLS (Transport Layer Security) to protect communications between a user and a web server. This protects against an intruder who might be monitoring traffic on the secure side of an encrypted link or traffic sent over an unencrypted link. • The critical difference between link and end-to-end encryption is that in link encryption, all the data, including the header, trailer, address, and routing data, is also encrypted. Therefore, each packet has to be decrypted at each hop so it can be properly routed to the next hop and then re-encrypted before it can be sent along its way, which slows the routing. End-to-end encryption does not encrypt the header, trailer, address, and routing data, so it moves faster from point to point but is more susceptible to sniffers and eavesdroppers.
IPsec • IPsec is a standard architecture set forth by the Internet Engineering Task Force (IETF) for setting up a secure channel to exchange information between two entities. • The entities communicating via IPsec could be two systems, two routers, two gateways, or any combination of entities (networks), but can also connect individual computers, such as a server and a workstation(s). • IPsec uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP-based protocols. • The primary use of IPsec is for virtual private networks (VPNs), so IPsec can operate in either transport (only the packet payload is encrypted) or tunnel mode (the entire packet, including the header, is encrypted).
IPsec Cont. • The IP Security (IPsec) protocol provides a complete infrastructure for secured network communications. IPsec has gained widespread acceptance and is now offered in a number of commercial operating systems out of the box. IPsec relies on security associations, and there are two main components: i. The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks. ii. The Encapsulating Security Payload (ESP) provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks. • ESP also provides some limited authentication, but not to the degree of the AH. Though ESP is sometimes used without AH, it’s rare to see AH used without ESP.
ISAKMP • The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations. • There are four basic requirements for ISAKMP, as set forth in Internet RFC 2408: i. Authenticate communicating peers ii. Create and manage security associations iii. Provide key generation mechanisms iv. Protect against threats (for example, replay and denial-of-service attacks)
Wireless Networking • There are two main types of wireless security: i. Wired Equivalent Privacy (WEP) which provides 64- and 128-bit encryption options to protect communications within the wireless LAN. Cryptanalysis has conclusively demonstrated that significant flaws exist in the WEP algorithm, making it possible to completely undermine the security of a WEP protected network within seconds. ii. WiFi Protected Access (WPA) improves on WEP encryption by implementing the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic weaknesses that undermined WEP. A further improvement to the technique, dubbed WPA2, adds AES cryptography. WPA2 provides secure algorithms appropriate for use on modern wireless networks.
Cryptographic Attacks • Just like any system, there are a number of attacks to defeat cryptosystems. It is important that we understand the threats posed by various cryptographic attacks to minimize the risks posed to your systems. Below are some of the common cryptographic attacks • Analytic Attack is an algebraic manipulation that attempts to reduce the complexity of the algorithm. It focus on the logic of the algorithm itself. • Implementation Attack is a type of attack that exploits weaknesses in the implementation of a cryptography system. It focuses on exploiting the software code, not just errors and flaws but the methodology employed to program the encryption system. • Statistical Attack exploits statistical weaknesses in a cryptosystem, such as floating-point errors and inability to produce truly random numbers. Statistical attacks attempt to find a vulnerability in the hardware or operating system hosting the cryptography application.
Cryptographic Attacks Cont. • Brute Force attacks are quite straightforward. Such an attack attempts every possible valid combination for a key or password. They involve using massive amounts of processing power to methodically guess the key used to secure cryptographic communications. • Frequency Analysis and the Ciphertext Only Attack In many cases, the only information you have at your disposal is the encrypted ciphertext message, a scenario known as the ciphertext only attack. In this case, one technique that proves helpful against simple ciphers is frequency analysis— counting the number of times each letter appears in the ciphertext. • Known Plaintext here, the attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy). This knowledge greatly assists the attacker in breaking weaker codes.
Cryptographic Attacks Cont. • Chosen Ciphertext the attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key. • Chosen Plaintext the attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm. • Meet in the Middle the attacker uses a known plaintext message. The plain text is then encrypted using every possible key (k1), and the equivalent ciphertext is decrypted using all possible keys (k2). When a match is found, the corresponding pair (k1, k2) represents both portions of the double encryption.
Cryptographic Attacks Cont. • Man in the Middle a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session). The attacker responds to the originator’s initialization requests and sets up a secure session with the originator. The attacker then establishes a second secure session with the intended recipient using a different key and posing as the originator. The attacker can then “sit in the middle” of the communication and read all traffic as it passes between the two parties. • Birthday is also known as a collision attack or reverse hash matching. It seeks to find flaws in the one-to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.
Cryptographic Attacks Cont. • Replay The replay attack is used against cryptographic algorithms that don’t incorporate temporal protections. In this attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session. This attack can be defeated by incorporating a time stamp and expiration period into each message.
The End

Recommended

CISSP Week 20
CISSP Week 20CISSP Week 20
CISSP Week 20
jemtallon
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
ssuserd5e356
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
trilokchandra prakash
 
Encryption
EncryptionEncryption
Encryption
Vijay Kumar
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
Setiya Nugroho
 

Recommended

CISSP Week 20
CISSP Week 20CISSP Week 20
CISSP Week 20
jemtallon
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
ssuserd5e356
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
trilokchandra prakash
 
Encryption
EncryptionEncryption
Encryption
Vijay Kumar
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
Setiya Nugroho
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Unit III Public Key Crypto Systems.pptx
Unit III Public Key Crypto Systems.pptxUnit III Public Key Crypto Systems.pptx
Unit III Public Key Crypto Systems.pptx
SayeeKumarMadhesh
 
Security
SecuritySecurity
Security
Sri Manakula Vinayagar Engineering College
 
Cryptography
CryptographyCryptography
Cryptography
Muhammad Shoaib Saleem
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
ams1ams11
 
Encryption pres
Encryption presEncryption pres
Encryption pres
MereySovet
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
Bitcoin Association of Australia
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
Pa Van Tanku
 
security issue
security issuesecurity issue
security issue
JAINIK PATEL
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
Shruthi Reddy
 
multiple encryption in clouud computing
multiple encryption in clouud computingmultiple encryption in clouud computing
multiple encryption in clouud computing
Rauf Wani
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
eSAT Publishing House
 
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
zachdwg
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
omarShiekh1
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
SecurityTube.Net
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
editor1knowledgecuddle
 
H42063743
H42063743H42063743
H42063743
IJERA Editor
 
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsSecurity in Manets using Cryptography Algorithms
Security in Manets using Cryptography Algorithms
IRJET Journal
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
KennedyKiplangat1
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
TechSoup
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
 

More Related Content

Similar to IS413 Topic 5.pptx

Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Unit III Public Key Crypto Systems.pptx
Unit III Public Key Crypto Systems.pptxUnit III Public Key Crypto Systems.pptx
Unit III Public Key Crypto Systems.pptx
SayeeKumarMadhesh
 
Security
SecuritySecurity
Security
Sri Manakula Vinayagar Engineering College
 
Cryptography
CryptographyCryptography
Cryptography
Muhammad Shoaib Saleem
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
ams1ams11
 
Encryption pres
Encryption presEncryption pres
Encryption pres
MereySovet
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
Bitcoin Association of Australia
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
Pa Van Tanku
 
security issue
security issuesecurity issue
security issue
JAINIK PATEL
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
Shruthi Reddy
 
multiple encryption in clouud computing
multiple encryption in clouud computingmultiple encryption in clouud computing
multiple encryption in clouud computing
Rauf Wani
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
eSAT Publishing House
 
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
zachdwg
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
omarShiekh1
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
SecurityTube.Net
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
editor1knowledgecuddle
 
H42063743
H42063743H42063743
H42063743
IJERA Editor
 
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsSecurity in Manets using Cryptography Algorithms
Security in Manets using Cryptography Algorithms
IRJET Journal
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
KennedyKiplangat1
 

Similar to IS413 Topic 5.pptx (20)

Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
 
Unit III Public Key Crypto Systems.pptx
Unit III Public Key Crypto Systems.pptxUnit III Public Key Crypto Systems.pptx
Unit III Public Key Crypto Systems.pptx
 
Security
SecuritySecurity
Security
 
Cryptography
CryptographyCryptography
Cryptography
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
Encryption pres
Encryption presEncryption pres
Encryption pres
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
security issue
security issuesecurity issue
security issue
 
network and cyber security
network and cyber securitynetwork and cyber security
network and cyber security
 
multiple encryption in clouud computing
multiple encryption in clouud computingmultiple encryption in clouud computing
multiple encryption in clouud computing
 
Implementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithmImplementation of aes and blowfish algorithm
Implementation of aes and blowfish algorithm
 
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
Cryptographic Chronicles: Unveiling Definitions, Algorithms, Attacks, and App...
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 
H42063743
H42063743H42063743
H42063743
 
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsSecurity in Manets using Cryptography Algorithms
Security in Manets using Cryptography Algorithms
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
 

Recently uploaded

Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
TechSoup
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
 
ZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptxZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptx
dot55audits
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
ssuser13ffe4
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
BoudhayanBhattachari
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
Solutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptxSolutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptx
spdendr
 
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
Nicholas Montgomery
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
สมใจ จันสุกสี
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
S. Raj Kumar
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 

Recently uploaded (20)

Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
ZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptxZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptx
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
Solutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptxSolutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptx
 
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
คำศัพท์ คำพื้นฐานการอ่าน ภาษาอังกฤษ ระดับชั้น ม.1
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
 

IS413 Topic 5.pptx

  • 1. IS413 Topic 5 ~ Public Key Encryption Warren Phiri
  • 2. Introduction • Asymmetric key algorithms, also known as public key algorithms, provide a solution to the weaknesses of symmetric key encryption. • In these systems, each user has two keys: a public key, which is shared with all users, and a private key, which is kept secret and known only to the user. • But here’s a twist: opposite and related keys must be used in tandem to encrypt and decrypt. In other words, if the public key encrypts a message, then only the corresponding private key can decrypt it, and vice versa.
  • 3. Public and Private Keys • Public key cryptosystems rely on pairs of keys assigned to each user of the cryptosystem. • Every user maintains both a public key and a private key. As the names imply, public key cryptosystem users make their public keys freely available to anyone with whom they want to communicate. • The mere possession of the public key by third parties does not introduce any weaknesses into the cryptosystem. • The private key, on the other hand, is reserved for the sole use of the individual who owns the keys. • It is never shared with any other cryptosystem user.
  • 4. Public and Private Keys Cont. • Once the sender encrypts the message with the recipient’s public key, no user (including the sender) can decrypt that message without knowing the recipient’s private key (the second half of the public-private key pair used to generate the message). • This is the beauty of public key cryptography—public keys can be freely shared using unsecured communications and then used to create secure communications channels between users previously unknown to each other. • Public key cryptography entails a higher degree of computational complexity. • Keys used within public key systems must be longer than those used in private key systems to produce cryptosystems of equivalent strengths. • The following slides discuss the different public key cryptosystems
  • 5. RSA • The most famous public key cryptosystem is named after its creators. • In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman proposed the RSA public key algorithm that remains a worldwide standard today. • The RSA algorithm depends on the computational difficulty inherent in factoring large prime numbers. • Each user of the cryptosystem generates a pair of public and private keys using the algorithm (refer to text for a detailed example)
  • 6. El Gamal • In the last topic (4), we looked at how the Diffie-Hellman (DH) algorithm uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure communications channels. • In 1985, Dr. T. El Gamal published an article describing how the mathematical principles behind the DH key exchange algorithm could be extended to support an entire public key cryptosystem used for encrypting and decrypting messages. • At the time of its release, the major advantage of El Gamal over the RSA algorithm was that it was released into the public domain. Dr. El Gamal did not obtain a patent on his extension of DH, and it is freely available for use • The major disadvantage of the algorithm is that it doubles the length of any message it encrypts which is not ideal when encrypting long messages or data that will be transmitted over low bandwidth
  • 7. Elliptic Curve • Also in 1985, two mathematicians, Neal Koblitz from the University of Washington and Victor Miller from IBM, independently proposed the application of elliptic curve cryptography (ECC) theory to develop secure cryptographic systems. • The mathematical concepts behind elliptic curve cryptography are quite complex and well beyond the scope of this course.
  • 8. Hash Functions • Hash functions have a very simple purpose—they take a potentially long message and generate a unique output value derived from the content of the message. • This value is commonly referred to as the message digest. • Message digests can be generated by the sender of a message and transmitted to the recipient along with the full message for two reasons. i. The recipient can use the same hash function to re-compute the message digest from the full message. If the message digests do not match, that means the message was somehow modified while in transit. ii. The message digest can be used to implement a digital signature algorithm. More on digital signatures late in the topic
  • 9. Hash Functions Cont. • According to RSA Security, there are five basic requirements for a cryptographic hash function: i. The input can be of any length. ii. The output has a fixed length. iii. The hash function is relatively easy to compute for any input. iv. The hash function is one-way (meaning that it is extremely hard to determine the input when provided with the output) v. The hash function is collision free (meaning that it is extremely hard to find two messages that produce the same hash value).
  • 10. Common Hashing Algorithms: SHA • The Secure Hash Algorithm (SHA) and its successors, SHA-1 and SHA-2, are government standard hash functions developed by the National Institute of Standards and Technology (NIST) • SHA-1 takes an input of virtually any length and produces a 160-bit message digest. • The SHA-1 algorithm processes a message in 512-bit blocks, if the message length is not a multiple of 512, additional data is padded until the length reaches the next highest multiple of 512. • Recent cryptanalytic attacks demonstrated that there are weaknesses in the SHA-1 algorithm and led to the creation of SHA-2 • SHA-2 algorithms are considered secure, but they theoretically suffer from the same weakness as the SHA-1 algorithm
  • 11. Common Hashing Algorithms: MD2 • The Message Digest 2 (MD2) hash algorithm was developed by Ronald Rivest (of RSA) in 1989 to provide a secure hash function for 8-bit processors. • MD2 pads the message so that its length is a multiple of 16 bytes. It then computes a 16-byte checksum and appends it to the end of the message. A 128-bit message digest is then generated by using the entire original message along with the appended checksum. • Cryptanalytic attacks exist against the MD2 algorithm. If the checksum is not appended to the message before digest computation, collisions may occur. • It was later proven that MD2 is not a one-way function. Therefore, it should no longer be used
  • 12. Common Hashing Algorithms: MD4 • In 1990, Rivest enhanced his message digest algorithm to support 32-bit processors and increase the level of security known as MD4. • It first pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits. • The MD4 algorithm then processes 512-bit blocks of the message in three rounds of computation. The final output is a 128-bit message digest. • There are several papers documenting flaws in the full version of MD4 as well as improperly implemented versions of MD4. • It was found that a modern PC could be used to find collisions for MD4 message digests in less than one minute. For this reason, MD4 is no longer considered to be a secure hashing algorithm, and its use should be avoided if at all possible.
  • 13. Common Hashing Algorithms: MD5 • In 1991, Rivest released the next version of his message digest algorithm, which he called MD5. • It also processes 512-bit blocks of the message, but it uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits). • MD5 implements additional security features that reduce the speed of message digest production significantly. • Unfortunately, recent cryptanalytic attacks demonstrated that the MD5 protocol is subject to collisions, preventing its use for ensuring message integrity. • In 2005, it was found that it is possible to create two digital certificates from different public keys that have the same MD5 hash.
  • 14. Digital Signatures • Once you have chosen a cryptographically sound hashing algorithm, you can use it to implement a digital signature system. Digital signature infrastructures have two distinct goals: i. Digitally signed messages assure the recipient that the message truly came from the claimed sender. They enforce nonrepudiation ii. Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient. This protects against both malicious modification and unintentional modification • Digital signature algorithms rely on a combination of the two major concepts already covered in this topic—public key cryptography and hashing functions.
  • 15. HMAC • The Hashed Message Authentication Code (HMAC) algorithm implements a partial digital signature—it guarantees the integrity of a message during transmission, but it does not provide for nonrepudiation. • HMAC can be combined with any standard message digest generation algorithm, such as SHA-2, by using a shared secret key. This means, only communicating parties who know the key can generate or verify the digital signature. • Because HMAC relies on a shared secret key, it does not provide any nonrepudiation functionality. However, it operates in a more efficient manner than the digital signature standard (next slide) for applications in which symmetric key cryptography is appropriate.
  • 16. Digital Signature Standard • The National Institute of Standards and Technology specifies the digital signature algorithms acceptable for federal government use in Federal Information Processing Standard (FIPS) 186-4, also known as the Digital Signature Standard (DSS) which emphasizes that all federally approved digital signature algorithms must use the SHA-2 hashing functions. • DSS also specifies the encryption algorithms that can be used to support a digital signature infrastructure. There are three currently approved standard encryption algorithms: i. The Digital Signature Algorithm (DSA) ii. The Rivest, Shamir, Adleman (RSA) algorithm iii. The Elliptic Curve DSA (ECDSA)
  • 17. Network Security Through Encryption • When it comes to encryption, one of the main issues that security practitioners are concerned with is the use of cryptographic algorithms to provide secure networking services. • The following slides will look at some of the providing Network Security using encryption
  • 18. Circuit Encryption • Security administrators use two types of encryption techniques to protect data traveling over networks: i. Link encryption protects entire communications circuits by creating a secure tunnel between two points using either a hardware solution or a software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the other end of the tunnel. ii. End-to-end encryption protects communications between two parties (for example, a client and a server) and is performed independently of link encryption. An example of end-to-end encryption would be the use of TLS (Transport Layer Security) to protect communications between a user and a web server. This protects against an intruder who might be monitoring traffic on the secure side of an encrypted link or traffic sent over an unencrypted link. • The critical difference between link and end-to-end encryption is that in link encryption, all the data, including the header, trailer, address, and routing data, is also encrypted. Therefore, each packet has to be decrypted at each hop so it can be properly routed to the next hop and then re-encrypted before it can be sent along its way, which slows the routing. End-to-end encryption does not encrypt the header, trailer, address, and routing data, so it moves faster from point to point but is more susceptible to sniffers and eavesdroppers.
  • 19. IPsec • IPsec is a standard architecture set forth by the Internet Engineering Task Force (IETF) for setting up a secure channel to exchange information between two entities. • The entities communicating via IPsec could be two systems, two routers, two gateways, or any combination of entities (networks), but can also connect individual computers, such as a server and a workstation(s). • IPsec uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP-based protocols. • The primary use of IPsec is for virtual private networks (VPNs), so IPsec can operate in either transport (only the packet payload is encrypted) or tunnel mode (the entire packet, including the header, is encrypted).
  • 20. IPsec Cont. • The IP Security (IPsec) protocol provides a complete infrastructure for secured network communications. IPsec has gained widespread acceptance and is now offered in a number of commercial operating systems out of the box. IPsec relies on security associations, and there are two main components: i. The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks. ii. The Encapsulating Security Payload (ESP) provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks. • ESP also provides some limited authentication, but not to the degree of the AH. Though ESP is sometimes used without AH, it’s rare to see AH used without ESP.
  • 21. ISAKMP • The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations. • There are four basic requirements for ISAKMP, as set forth in Internet RFC 2408: i. Authenticate communicating peers ii. Create and manage security associations iii. Provide key generation mechanisms iv. Protect against threats (for example, replay and denial-of-service attacks)
  • 22. Wireless Networking • There are two main types of wireless security: i. Wired Equivalent Privacy (WEP) which provides 64- and 128-bit encryption options to protect communications within the wireless LAN. Cryptanalysis has conclusively demonstrated that significant flaws exist in the WEP algorithm, making it possible to completely undermine the security of a WEP protected network within seconds. ii. WiFi Protected Access (WPA) improves on WEP encryption by implementing the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic weaknesses that undermined WEP. A further improvement to the technique, dubbed WPA2, adds AES cryptography. WPA2 provides secure algorithms appropriate for use on modern wireless networks.
  • 23. Cryptographic Attacks • Just like any system, there are a number of attacks to defeat cryptosystems. It is important that we understand the threats posed by various cryptographic attacks to minimize the risks posed to your systems. Below are some of the common cryptographic attacks • Analytic Attack is an algebraic manipulation that attempts to reduce the complexity of the algorithm. It focus on the logic of the algorithm itself. • Implementation Attack is a type of attack that exploits weaknesses in the implementation of a cryptography system. It focuses on exploiting the software code, not just errors and flaws but the methodology employed to program the encryption system. • Statistical Attack exploits statistical weaknesses in a cryptosystem, such as floating-point errors and inability to produce truly random numbers. Statistical attacks attempt to find a vulnerability in the hardware or operating system hosting the cryptography application.
  • 24. Cryptographic Attacks Cont. • Brute Force attacks are quite straightforward. Such an attack attempts every possible valid combination for a key or password. They involve using massive amounts of processing power to methodically guess the key used to secure cryptographic communications. • Frequency Analysis and the Ciphertext Only Attack In many cases, the only information you have at your disposal is the encrypted ciphertext message, a scenario known as the ciphertext only attack. In this case, one technique that proves helpful against simple ciphers is frequency analysis— counting the number of times each letter appears in the ciphertext. • Known Plaintext here, the attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy). This knowledge greatly assists the attacker in breaking weaker codes.
  • 25. Cryptographic Attacks Cont. • Chosen Ciphertext the attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key. • Chosen Plaintext the attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm. • Meet in the Middle the attacker uses a known plaintext message. The plain text is then encrypted using every possible key (k1), and the equivalent ciphertext is decrypted using all possible keys (k2). When a match is found, the corresponding pair (k1, k2) represents both portions of the double encryption.
  • 26. Cryptographic Attacks Cont. • Man in the Middle a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session). The attacker responds to the originator’s initialization requests and sets up a secure session with the originator. The attacker then establishes a second secure session with the intended recipient using a different key and posing as the originator. The attacker can then “sit in the middle” of the communication and read all traffic as it passes between the two parties. • Birthday is also known as a collision attack or reverse hash matching. It seeks to find flaws in the one-to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.
  • 27. Cryptographic Attacks Cont. • Replay The replay attack is used against cryptographic algorithms that don’t incorporate temporal protections. In this attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session. This attack can be defeated by incorporating a time stamp and expiration period into each message.