The document provides an overview of public key infrastructure (PKI) and how it works. It explains foundational concepts like encryption, authentication, and digital signatures. It then discusses how PKI enables the use of public/private key cryptography to securely distribute keys and authenticate parties through the use of digital certificates verified by a certificate authority. The document covers common algorithms like RSA, ECC, AES, and hash functions and provides recommendations around implementing and securing a PKI.
- Cryptography and Security
- Methods of Encryption and Decryption
- What is an Algorithm?
- Symmetric Algorithm
- Asymmetric Algorithm
- Hybrid Encryption
- Hashing Algorithm
- Securing the Algorithm or the Key
- Hash Value and Rainbow Table
- Digital Signature
- PKI
- Cryptography and Security
- Methods of Encryption and Decryption
- What is an Algorithm?
- Symmetric Algorithm
- Asymmetric Algorithm
- Hybrid Encryption
- Hashing Algorithm
- Securing the Algorithm or the Key
- Hash Value and Rainbow Table
- Digital Signature
- PKI
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor.
A comparative study of symmetric key algorithm des, aes and blowfish for vide...pankaj kumari
Cryptography means storing and transmitting data or information in a particular form that allow to be kept secret.
Symmetric key cryptography:- Both sender and receiver share the secret key.The symmetric key is kept private.both parties use the same key for encryption and decryption.
Asymmetric key cryptography:- Asymmetric key cryptography uses public or private key for encryption and decryption.Public key is kept by publically and private is kept secret.sender use the public key to send message and receiver use the private or secret key to decrypt the message.
Project consists of individual modules of encryption and decryption units. Standard T-DES algorithm is implemented. Presently working on to integrate DES with AES to develop stronger crypto algorithm and test the same against Side Channel Attacks and compare different algorithms.
As data security becomes of paramount importance, we are going to need to have a reasonable understanding of encryption and encryption techniques. We will discuss the different types of encryption techniques and understand the difference between hashing (one way encryption) and encryption (designed to be two way). We will look at what is industry best practice for encryption today, and why. We will also look at some issues relating to performance of encryption.
Encryption Deep Dive: Randomness, Entropy, RNG, PRNG, AES, AES Operational Modes, Data Rotations, Java Encryption APIs, Tradeoffs, challenges, Envelope Encryption, KMS, and much more on all things encryption.
o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration SSL through Wireshark
o Demonstration SSH Channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor.
A comparative study of symmetric key algorithm des, aes and blowfish for vide...pankaj kumari
Cryptography means storing and transmitting data or information in a particular form that allow to be kept secret.
Symmetric key cryptography:- Both sender and receiver share the secret key.The symmetric key is kept private.both parties use the same key for encryption and decryption.
Asymmetric key cryptography:- Asymmetric key cryptography uses public or private key for encryption and decryption.Public key is kept by publically and private is kept secret.sender use the public key to send message and receiver use the private or secret key to decrypt the message.
Project consists of individual modules of encryption and decryption units. Standard T-DES algorithm is implemented. Presently working on to integrate DES with AES to develop stronger crypto algorithm and test the same against Side Channel Attacks and compare different algorithms.
As data security becomes of paramount importance, we are going to need to have a reasonable understanding of encryption and encryption techniques. We will discuss the different types of encryption techniques and understand the difference between hashing (one way encryption) and encryption (designed to be two way). We will look at what is industry best practice for encryption today, and why. We will also look at some issues relating to performance of encryption.
Encryption Deep Dive: Randomness, Entropy, RNG, PRNG, AES, AES Operational Modes, Data Rotations, Java Encryption APIs, Tradeoffs, challenges, Envelope Encryption, KMS, and much more on all things encryption.
o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration SSL through Wireshark
o Demonstration SSH Channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
Basic security principles for information systems development/deployment. Information security is concerned with the confidentiality, integrity, and availability of information. From these three 'pillars', the following principles must be applied when implementing and maintaining an information system: Accountability.
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Triandopoulos of RSA Laboratories and catherine Hart and Ari Juels of Bell Canada
IBM Security Strategy Intelligence, Integration and Expertise
by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader
How to Split Bills in the Odoo 17 POS ModuleCeline George
Bills have a main role in point of sale procedure. It will help to track sales, handling payments and giving receipts to customers. Bill splitting also has an important role in POS. For example, If some friends come together for dinner and if they want to divide the bill then it is possible by POS bill splitting. This slide will show how to split bills in odoo 17 POS.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
1. Public Key Infrastructure
– tell me in plain English AND THEN
deep technical how PKI works
Steve Lamb
stephlam@microsoft.com
http://blogs.technet.com/steve_lamb
IT Pro Security Evangelist
Microsoft Ltd
2. Objectives
Demystify commonly used terminology
Explain how PKI works
Get you playing with PKI in the lab
Make some simple recommendations
3. Agenda
Foundational Concept (level 200)
PKI and Signatures (level 330)
Recommendations (level 310)
Reference material
Common Algorithms (level 360)
4. What can PKI enable?
Secure Email – sign and/or encrypt messages
Secure browsing – SSL – authentication and encryption
Secure code – authenticode
Secure wireless – PEAP & EAP-TLS
Secure documents – Rights Management
Secure networks – segmentation via IPsec
Secure files – Encrypted File System(EFS)
6. Encryption vs. Authentication
Encrypted information cannot be automatically
trusted
You still need authentication
Which we can implement using encryption, of
course
7. Assets
What we are securing?
Data
Services (i.e. business etc. applications or their
individually accessible parts)
This session is not about securing:
People (sorry), cables, carpets, typewriters and
computers (!?)
Some assets are key assets
Passwords, private keys etc…
8. Digital Security as Extension of
Physical Security of Key Assets
Strong Physical
Security of KA
Weak Physical
Security of KA
Strong Physical
Security of KA
Strong Digital
Security
Strong Digital
Security
Weak Digital
Security
Good Security
Everywhere
Insecure
Environment
Insecure
Environment
9. Remember CP and CPS!
“The Certification Practice & Certification
Practice Statement (CP/CPS) is a formal
statement that describes who may have
certificates, how certificates are generated and
what they may be used for.”
http://www.nhsia.nhs.uk/pathology/pages/docum
ents/cp_cps.doc
10. Symmetric Key Cryptography
Plain-text input
Plain-text output
“AxCv;5bmEseTfid3)
fGsmWe#4^,sdgfMwi
r3:dkJeTsY8Rs@!q3
%”
“The quick
brown fox
jumps over
the lazy
dog”
Cipher-text
“The quick
brown fox
jumps over
the lazy
dog”
Encryption
Decryption
Same key
(shared secret)
11. Symmetric Pros and Cons
Strength:
Simple and really very fast (order of 1000 to 10000
faster than asymmetric mechanisms)
Super-fast (and somewhat more secure) if done in
hardware (DES, Rijndael)
Weakness:
Must agree the key beforehand
Securely pass the key to the other party
12. Public Key Cryptography
Knowledge of the encryption key doesn’t give
you knowledge of the decryption key
Receiver of information generates a pair of keys
Publish the public key in a directory
Then anyone can send him messages that only
she can read
13. Public Key Encryption
Clear-text Input
Cipher-text
“Py75c%bn&*)9|fDe^
bDFaq#xzjFr@g5=&n
mdFg$5knvMd’rkveg
Ms”
“The quick
brown fox
jumps over
the lazy
dog”
Clear-text Output
“The quick
brown fox
jumps over
the lazy
dog”
Encryption
public
Recipient’s
public key
Decryption
Different keys
private
Recipient’s
private key
14. Public Key Pros and Cons
Weakness:
Extremely slow
Susceptible to “known ciphertext” attack
Problem of trusting public key (see later on PKI)
Strength
Solves problem of passing the key
Allows establishment of trust context between
parties
15. Hybrid Encryption (Real World)
Launch key
for nuclear
missile
“RedHeat”
is...
Symmetric
encryption
(e.g. DES)
Symmetric key
encrypted asymmetrically
(e.g., RSA)
RNG
Digital
Envelope
As above, repeated
for other recipients
or recovery agents
User’s
public key
(in certificate)
RandomlyGenerated
symmetric
“session” key
*#$fjda^j
u539!3t
t389E *&@
5e%32^kd
Digital
Envelope
Other recipient’s or
agent’s public key
(in certificate)
in recovery policy
16. Hybrid Decryption
*#$fjda^j
u539!3t
t389E *&@
5e%32^kd
Launch key
for nuclear
missile
“RedHeat”
is...
Symmetric
decryption
(e.g. DES)
Symmetric
“session” key
Recipient’s
private key
Asymmetric
decryption of
“session” key (e.g. RSA)
Digital envelope
contains “session”
key encrypted
using recipient’s
public key
Digital
Envelope
Session key must be
decrypted using the
recipient’s private
key
18. Public Key Distribution Problem
We just solved the problem of symmetric key distribution
by using public/private keys
But…
Scott creates a keypair (private/public) and quickly tells
the world that the public key he published belongs to Bill
People send confidential stuff to Bill
Bill does not have the private key to read them…
Scott reads Bill’s messages
20. Creating a Digital Signature
Message or File
128 bits
Message Digest
This is a
really long
message
about
Bill’s…
Digital Signature
Jrf843kjfgf*
£$&Hdif*7o
Usd*&@:<C
HDFHSD(**
Py75c%bn&*)9|fDe^b
DFaq#xzjFr@g5=&n
mdFg$5knvMd’rkveg
Ms”
Hash
Function
(SHA, MD5)
Calculate a short
message digest from
even a long input
using a one-way
message digest
function (hash)
Asymmetric
Encryption
private
Signatory’s
private key
21. Verifying a Digital Signature
Digital Signature
Jrf843kjf
gf*£$&Hd
if*7oUsd
*&@:<CHD
FHSD(**
Asymmetric
decryption
(e.g. RSA)
Py75c%bn&*)
9|fDe^bDFaq
#xzjFr@g5=
&nmdFg$5kn
vMd’rkvegMs”
? == ?
Signatory’s
public key
Everyone has
access to trusted
public key of the
signatory
Are They Same?
Same hash function
(e.g. MD5, SHA…)
This is a
really long
message
about Bill’s…
Py75c%bn&*)
9|fDe^bDFaq
#xzjFr@g5=
&nmdFg$5kn
vMd’rkvegMs”
Original Message
22. Word About Smartcards
Some smartcards are “dumb”, i.e. they are only a
memory chip
Not recommended for storing a private key used in a challenge
test (verifying identity)
Anyway, they are still better than leaving keys on a floppy disk
or on the hard drive
Cryptographically-enabled smartcards are more
expensive but they give much more security
Private key is secure and used as needed
Additional protection (password, biometrics) is possible
Hardware implements some algorithms
Self-destruct is possible
23. Recommendations
Don’t be scared of PKI!
Set up a test environment to enable hyou to
“play”
Minimise the scope of your first implementation
Read up on CP & CPS
Document the purpose and operating
procedures of your PKI
24. Summary
Cryptography is a rich and amazingly mature
field
We all rely on it, everyday, with our lives
Know the basics and make good choices
avoiding common pitfalls
Plan your PKI early
Avoid very new and unknown solutions
Certificate Policy
Certification Practises statement
25. References
Visit www.microsoft.com/security
Read sci.crypt (incl. archives)
Attend SEC499 for “Encryption in Detail” on Friday at
14.45 in Room 1
For more detail, read:
Cryptography: An Introduction, N. Smart, McGraw-Hill, ISBN 0-07-709987-7
Practical Cryptography, N. Ferguson & B. Schneier, Wiley, ISBN 0-471-22357-3
Contemporary Cryptography, R. Oppliger, Artech House, ISBN 1-58053-642-5
(to be published May 2005, see
http://www.esecurity.ch/Books/cryptography.html)
Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9
Handbook of Applied Cryptography, A.J. Menezes, CRC Press, ISBN 0-84938523-7, www.cacr.math.uwaterloo.ca/hac (free PDF)
PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3
Foundations of Cryptography, O. Goldereich,
www.eccc.uni-trier.de/eccc-local/ECCC-Books/oded_book_readme.html
Cryptography in C and C++, M. Welschenbach, Apress,
ISBN 1-893115-95-X (includes code samples CD)
28. DES, IDEA, RC2, RC5, Twofish
Symmetric
DES (Data Encryption Standard) is still the most popular
Keys very short: 56 bits
Brute-force attack took 3.5 hours on a machine costing US$1m in
1993. Today it is done real-time
Triple DES (3DES) more secure, but better options about
Just say no, unless value of data is minimal
IDEA (International Data Encryption Standard)
Deceptively similar to DES, and “not” from NSA
128 bit keys
RC2 & RC5 (by R. Rivest)
RC2 is older and RC5 newer (1994) - similar to DES and IDEA
Blowfish, Twofish
B. Schneier’s replacement for DES, followed by Twofish, one of the
NIST competition finalists
29. Rijndael (AES)
Standard replacement for DES for US government, and,
probably for all of us as a result…
Winner of the AES (Advanced Encryption Standard)
competition run by NIST (National Institute of Standards and
Technology in US) in 1997-2000
Comes from Europe (Belgium) by Joan Daemen and Vincent
Rijmen. “X-files” stories less likely (unlike DES).
Symmetric block-cipher (128, 192 or 256 bits) with
variable keys (128, 192 or 256 bits, too)
Fast and a lot of good properties, such as good immunity
from timing and power (electric) analysis
Construction, again, deceptively similar to DES (Sboxes, XORs etc.) but really different
30. CAST and GOST
CAST
Canadians Carlisle Adams & Stafford Tavares
64 bit key and 64 bit of data
Chose your S-boxes
Seems resistant to differential & linear cryptanalysis and only
way to break is brute force (but key is a bit short!)
GOST
Soviet Union’s “version” of DES but with a clearer design and
many more repetitions of the process
256 bit key but really 610 bits of secret, so pretty much “tank
quality”
Backdoor? Who knows…
31. Careful with Streams!
Do NOT use a block cipher in a loop
Use a crypto-correct technique for treating
streams of data, such as CBC (Cipher Block
Chaining)
For developers:
.NET Framework implements it as ICryptoTransform on a
crypto stream with any supported algorithm
32. RC4
Symmetric
Fast, streaming encryption
R. Rivest in 1994
Originally secret, but “published” on sci.crypt
Related to “one-time pad”, theoretically most secure
But!
It relies on a really good random number generator
And that is the problem
Nowadays, we tend to use block ciphers in modes of
operation that work for streams
33. RSA, DSA, ElGamal, ECC
Asymmetric
Very slow and computationally expensive – need a computer
Very secure
Rivest, Shamir, Adleman – 1978
Popular and well researched
Strength in today’s inefficiency to factorise into prime numbers
Some worries about key generation process in some implementations
DSA (Digital Signature Algorithm) – NSA/NIST thing
Only for digital signing, not for encryption
Variant of Schnorr and ElGamal sig algorithm
ElGamal
Relies on complexity of discrete logarithms
ECC (Elliptic Curve Cryptography)
Really hard maths and topology
Improves RSA (and others)
34. Quantum Cryptography
Method for generating and passing a secret key or a random stream
Not for passing the actual data, but that’s irrelevant
Polarisation of light (photons) can be detected only in a way that
destroys the “direction” (basis)
So if someone other than you observes it, you receive nothing useful
and you know you were bugged
Perfectly doable over up-to-120km dedicated long fibre-optic link
Seems pretty perfect, if a bit tedious and slow
Practical implementations still use AES/DES etc. for actual encryption
Magiq QPN: http://www.magiqtech.com/press/qpn.pdf
Don’t confuse it with quantum computing, which won’t be with us for
at least another 50 years or so, or maybe longer…
35. MD5, SHA
Hash functions – not encryption at all!
Goals:
Not reversible: can’t obtain the message from its hash
Hash much shorter than original
Two messages won’t have the same hash
MD5 (R. Rivest)
512 bits hashed into 128
Mathematical model still unknown
But it resisted major attacks
SHA (Secure Hash Algorithm)
US standard based on MD5
36. Diffie-Hellman, “SSL”, Certs
Methods for key generation and exchange
DH is very clever since you always generate a new “keypair” for each asymmetric session
STS, MTI, and certs make it even safer
Certs (certificates) are the most common way to
exchange public keys
Foundation of Public Key Infrastructure (PKI)
SSL uses a protocol to exchange keys safely
See later
37. Cryptanalysis
Brute force
Good for guessing passwords, and some 40-bit symmetric keys (in
some cases needed only 27 attempts)
Frequency analysis
For very simple methods only (US mobiles)
Linear cryptanalysis
For stronger DES-like, needs 243 plain-cipher pairs
Differential cryptanalysis
Weaker DES-like, needs from 214 pairs
Power and timing analysis
Fluctuations in response times or power usage by CPU
38. Strong Systems
It is always a mixture! Changes all the time…
Symmetric:
AES, min. 128 bits for RC2 & RC5, 3DES, IDEA, carefully
analysed RC4, 256 bit better
Asymmetric:
RSA, ElGamal, Diffie-Hellman (for keys) with minimum 1024
bits (go for the maximum, typically 4096, if you can afford it)
Hash:
Either MD5 or SHA but with at least 128 bit results, 256 better
39. Weak Systems
Anything with 40-bits (including 128 and 56 bit versions
with the remainder “fixed”)
Most consider DES as fairly weak algorithm
CLIPPER
A5 (GSM mobile phones outside US)
Vigenère (US mobile phones)
Dates from 1585!
Unverified certs with no trust
Weak certs (as in many “class 1” personal certs)