Ms SURBHI SAROHA
 Public key cryptography
 RSA public key crypto
 Digital signature
 Hash functions
 Public key distribution
 Real world protocols
 Basic terminologies
 Email security certificates
 Transport Layer Security (TLS)
 IP security
 DNS security
 Public-key cryptography, or asymmetric
cryptography, is a cryptographic system that uses
pairs of keys: public keys, which may be disseminated
widely, and private keys, which are known only to the
owner.
 The generation of such keys depends
on cryptographic algorithms based
on mathematical problems to produce one-way
functions.
 Effective security only requires keeping the private
key private;
 the public key can be openly distributed without
compromising security.
 In such a system, any person can encrypt a message using the
receiver's public key, but that encrypted message can only be decrypted
with the receiver's private key.
 This allows, for instance, a server to generate a cryptographic key
intended for symmetric-key cryptography, then use a client's openly-
shared public key to encrypt that newly-generated symmetric key.
 Now, the server can send this encrypted symmetric key on insecure
channels to the client, and only the client can decrypt it, using the
private key that pairs with the public key the server used to encrypt this
message.
 With the client and server both having the same symmetric key now,
they can safely transition to symmetric key encryption to securely
communicate back and forth on otherwise-insecure channels.
 This has the advantage of not having to manually pre-share symmetric
keys, while also gaining the higher data throughput advantage
of symmetric-key cryptography over asymmetric key cryptography.
 With public-key cryptography,
robust authentication is also possible.
 A sender can combine a message with a private
key to create a short digital signature on the
message.
 Anyone with the sender's corresponding public
key can combine the same message and the
supposed digital signature associated with it to
verify whether the signature was valid, i.e. made
by the owner of the corresponding private key.
Basic Cryptography unit 4 CSS
 RSA (Rivest–Shamir–Adleman) is a public-key
cryptosystem that is widely used for secure data
transmission.
 It is also one of the oldest. The
acronym RSA comes from the surnames of Ron
Rivest, Adi Shamir, and Leonard Adleman, who
publicly described the algorithm in 1977.
 An equivalent system was developed secretly, in
1973 at GCHQ (the British signals
intelligence agency), by the English
mathematician Clifford Cocks. That system
was declassified in 1997.
 In a public-key cryptosystem, the encryption
key is public and distinct from the decryption
key, which is kept secret (private).
 An RSA user creates and publishes a public
key based on two large prime numbers, along
with an auxiliary value.
 The prime numbers are kept secret.
Messages can be encrypted by anyone, via
the public key, but can only be decoded by
someone who knows the prime numbers.
 The security of RSA relies on the practical difficulty
of factoring the product of two large prime numbers, the
"factoring problem".
 Breaking RSA encryption is known as the RSA problem.
 Whether it is as difficult as the factoring problem is an
open question.
 There are no published methods to defeat the system if a
large enough key is used.
 RSA is a relatively slow algorithm. Because of this, it is not
commonly used to directly encrypt user data.
 More often, RSA is used to transmit shared keys
for symmetric key cryptography, which are then used for
bulk encryption-decryption.
 A digital signature is a mathematical technique
used to validate the authenticity and integrity of
a message, software or digital document.
 A digital signature is a mathematical scheme
for verifying the authenticity of digital messages
or documents.
 A valid digital signature, where
the prerequisites are satisfied, gives a recipient
very strong reason to believe that the message
was created by a known sender (authentication),
and that the message was not altered in transit
(integrity).
 A hash function is any function that can be used
to map data of arbitrary size to fixed-size values.
 The values returned by a hash function are
called hash values, hash codes, digests, or
simply hashes.
 Hash functions are extremely useful and appear
in almost all information security applications.
 A hash function is a mathematical function that
converts a numerical input value into another
compressed numerical value.
 The input to the hash function is of arbitrary
length but output is always of fixed length.
 Public keys can be distributed in 4 ways:
 Public announcement,
 Publicly available directory,
 Public-key authority, and
 Public-key certificates.
 These are explained below.
 Public Announcement:
Here the public key is broadcast to everyone.
 The major weakness of this method is forgery.
 Anyone can create a key claiming to be someone else and
broadcast it.
 Until the forgery is discovered, the forger can masquerade as the claimed user.
 Publicly Available Directory:
In this type, the public key is stored in a public
directory.
 The directory is trusted and has these properties:
participants register with it, they can access it and
modify their values at any time, and it contains entries
of the form {name, public-key}.
 Directories can be accessed electronically, but are still
vulnerable to forgery or tampering.
 Public Key Authority:
It is similar to the directory, but improves security
by tightening control over the distribution of keys
from the directory.
 It requires users to know the public key for the
directory.
 Whenever keys are needed, the user makes a real-time
access to the directory to obtain
any desired public key securely.
 Public Certification:
Here the authority provides a certificate (which binds
an identity to a public key) to allow key exchange
without real-time access to the public authority each
time.
 The certificate is accompanied by some other info
such as period of validity, rights of use etc.
 All of this content is signed by the trusted Public-Key
or Certificate Authority (CA) and it can be verified by
anyone possessing the authority’s public key.
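
Added example (not part of the original slides): the signature and certificate mechanisms described above, run end to end. A CA signs a binding of name to public key, a verifier holding only the CA's public key rejects a forged announcement, a key swap and an expired certificate, and a symmetric key is then encrypted to the verified public key. It uses textbook RSA without padding on constructed keys; the function names, the certificate fields and the identity `alice@example.test` are assumptions made for illustration.

```python
import hashlib
import json

E = 65537  # public exponent: the "auxiliary value" published alongside n


def keygen(p, q):
    """Textbook RSA key pair from two primes; p and q stay secret."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent, computable only with p and q
    return (n, E), (n, d)  # (public key, private key)


def _digest(data, n):
    # Hash to a fixed-size value, reduced so it is smaller than the modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, priv):
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def _signed_bytes(cert):
    # Canonical encoding of every field except the signature itself.
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(subject, pub, not_before, not_after, signer_priv):
    """Bind an identity to a public key for a validity period and sign it."""
    cert = {"subject": subject, "n": pub[0], "e": pub[1],
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = sign(_signed_bytes(cert), signer_priv)
    return cert


def check_certificate(cert, expected_subject, now, ca_pub):
    """Return (public_key, "ok") or (None, reason); needs only the CA public key."""
    if not verify(_signed_bytes(cert), cert.get("signature", 0), ca_pub):
        return None, "bad CA signature"
    if cert["subject"] != expected_subject:
        return None, "subject mismatch"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return None, "outside validity period"
    return (cert["n"], cert["e"]), "ok"


def wrap_key(session_key, pub):
    """Encrypt a symmetric key to a public key (no padding: illustration only)."""
    n, e = pub
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key does not fit the modulus")
    return pow(m, e, n)


def unwrap_key(ciphertext, priv, length):
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(length, "big")


def demo():
    # Constructed keys from well-known Mersenne primes so the run is reproducible;
    # real keys use large random secret primes plus OAEP/PSS padding.
    ca_pub, ca_priv = keygen(2**521 - 1, 2**607 - 1)
    alice_pub, alice_priv = keygen(2**107 - 1, 2**127 - 1)
    mallory_pub, mallory_priv = keygen(2**61 - 1, 2**89 - 1)
    name = "alice@example.test"  # constructed identity

    genuine = issue_certificate(name, alice_pub, 100, 200, ca_priv)
    # Forgery 1: Mallory announces her own key under Alice's name, self-signed.
    forged = issue_certificate(name, mallory_pub, 100, 200, mallory_priv)
    # Forgery 2: Mallory swaps her modulus into the genuine certificate.
    swapped = dict(genuine, n=mallory_pub[0])

    results = {
        "genuine": check_certificate(genuine, name, 150, ca_pub)[1],
        "forged": check_certificate(forged, name, 150, ca_pub)[1],
        "swapped": check_certificate(swapped, name, 150, ca_pub)[1],
        "expired": check_certificate(genuine, name, 250, ca_pub)[1],
    }
    # Key transport: a fresh symmetric key is encrypted to the verified key.
    pub, _ = check_certificate(genuine, name, 150, ca_pub)
    session_key = bytes(range(16))  # constructed 128-bit key
    ciphertext = wrap_key(session_key, pub)
    results["key_recovered"] = unwrap_key(ciphertext, alice_priv, 16) == session_key
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Both forgeries fail at the signature check because neither was produced with the CA's private key, which is what removes the need for real-time access to the authority.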
 The typical cryptographic protocols include the Secure Socket
Layer Protocol (SSL) and its variant, Transport Layer Security Protocol (TLS), the
Internet Key Exchange Protocol (IKE) and the Kerberos Authentication Protocol.
 A security protocol (cryptographic protocol or encryption protocol) is an
abstract or concrete protocol that performs a security-related function and
applies cryptographic methods, often as sequences of cryptographic primitives.
 A protocol describes how the algorithms should be used.
 A sufficiently detailed protocol includes details about data structures and
representations, at which point it can be used to implement multiple,
interoperable versions of a program.
 For example, Transport Layer Security (TLS) is a cryptographic protocol that is
used to secure web (HTTPS) connections.
 It has an entity authentication mechanism, based on the X.509 system; a key
setup phase, where a symmetric encryption key is formed by employing public-
key cryptography; and an application-level data transport function.
 These three aspects have important interconnections.
 Standard TLS does not have non-repudiation support.
 Asymmetric Algorithm
An algorithm in which the key used for encryption is different from that
used for decryption. Also known as public key cryptography.
 Block Cipher
An algorithm that encrypts data in blocks, commonly of 64 bits each.
 CAST
A 64-bit block cipher, developed in Canada by Carlisle Adams and
Stafford Tavares.
 Cipher
A cryptographic algorithm, i.e. a mathematical function used for
encryption and decryption.
 Clipper
Originally the name for a tamper-resistant encryption chip designed by
the U.S. National Security Agency for voice encryption. The chip has
built-in key escrow features to facilitate wire-tapping. The term has
subsequently been applied to further attempts by the US government to
introduce key escrow provisions, the latest variation being the key
recovery plan of October 1996, dubbed Clipper 4.
 DES
Digital Encryption Standard. A symmetric block cipher using a 56-bit key which was
originally developed by the US National Institute of Standards and Technology (NIST) in
1977 as a standard encryption algorithm. In 1999, the Electronic Frontier Foundation
(USA) developed a machine to demonstrate that DES could be broken in a few hours with a
brute-force attack. Encryption using single DES is generally no longer considered to be
secure. (See Triple DES)
 Diffie-Hellman
A public-key algorithm, invented in 1976.
 DH/DSS
A type of key used in PGP since version 5.0. Contains a Diffie-Hellman key of between 1024
and 4096 bits for encryption and a 1024-bit DSS key for digital signatures.
 DSS
Digital Signature Standard. A proposed standard for digital signatures using Digital
Signature Algorithm.
 Digital Signature
An encrypted message digest which is appended to a plaintext or encrypted message to
verify the identity of the sender. The signature is encrypted with the user's private key and
can only be decrypted with the corresponding public key. The same key pairs may be used
for signature and encryption purposes but separate key pairs for each purpose are usually
recommended.
 IDEA
International Data Encryption Algorithm. It was introduced in 1992 as a potential alternative to
DES and is regarded as very secure. It is a block cipher using a symmetric algorithm based on a
128 bit key. IDEA is the data encryption algorithm used in PGP.
 Key
A value that is used to encrypt or decrypt a message.
 Key Escrow
A concept that originated with the Clipper Chip program, by which a secret or private key is split
and the two parts held by escrow agencies against the possibility that the key may be required for
law enforcement surveillance or national security purposes.
 Key Recovery
A key escrow system which relies on a trusted party to recover a user's confidential keys for use
by law enforcement or national security agencies acting under "proper authority". The trusted
recovery party might in some cases be internal to the user's organization, but in all cases notice to
surveillance targets that their key information had been released would be prohibited. Key
recovery is central to the US government's new encryption policy announced in October 1996.
 PGP
A complete public-key cryptosystem for electronic messaging that has been released to the
public domain. It was originally designed by Phil Zimmermann. It uses IDEA, CAST or Triple DES for
actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key
and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public
key is used to encrypt the IDEA secret key as part of the message.
 PKAF
Public Key Authentication Framework. A system for authenticating digital signatures based on a
hierarchy of trusted signatures.
 Private Key
The secret part of a private key/public key pair used in public key cryptography. The Private Key
is normally known only to the key owner. Messages are encrypted using the Public Key and
decrypted using the Private Key. For digital signatures, however, a document is signed with a
Private Key and authenticated with the corresponding Public Key.
 Public Key Cryptography
A concept first proposed by Diffie and Hellman in 1975 that has been largely responsible for
opening up the science of cryptography for commercial use. The encryption key is made public
but only the person who holds the corresponding private key can decrypt the message.
 RSA
The best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman.
RSA uses public and private keys that are functions of a pair of large prime numbers. The
algorithm is best known for its application in PGP. It is patented in the USA only.
 Steganography
A method of hiding a secret message in another message, e.g. within a graphic image.
 Symmetric Algorithm
An encryption algorithm where the encryption key is the same as the decryption key, or where
one key is easily calculated from the other. The sender and receiver have to agree on a key before
they can communicate securely.
 Triple DES
A method of vastly increasing the security of DES by encrypting 3 times with different keys.
 An email certificate is a digital file that is installed to your
email application to enable secure email communication.
 These certificates are known by many names — email
security certificates, email encryption certificates, S/MIME
certificates, etc. S/MIME, which stands for
“secure/multipurpose internet mail extension,” is a
certificate that allows users to digitally sign their email
communications as well as encrypt the content and
attachments included in them.
 Not only does this authenticate the identity of the sender
to the recipient, but it also protects the integrity of the
email data before it is transmitted across the internet.
 In a nutshell, an S/MIME email certificate allows you to:
 Encrypt your emails so that only your intended recipient
can access the content of the message.
 Digitally sign your emails so the recipient can verify that
the email was, in fact, sent by you and not a phisher
posing as you.
 The way that an email encryption certificate works is by
using asymmetric encryption.
 It uses a public key to encrypt the email and send it so that
the recipient, who has the matching private key, can
decrypt the entire message (and any attachments)
automatically.
 Asymmetric encryption is also what’s behind the SSL/TLS
protocol as well as cryptocurrencies.
 Transport Layer Security, and its now-
deprecated predecessor, Secure Sockets
Layer, are cryptographic protocols designed
to provide communications security over a
computer network.
 Several versions of the protocols find
widespread use in applications such as web
browsing, email, instant messaging, and
voice over IP.
 Transport Layer Security, or TLS, is a widely adopted
security protocol designed to facilitate privacy and data security
for communications over the Internet.
 A primary use case of TLS is encrypting the communication
between web applications and servers, such as web browsers
loading a website.
 TLS can also be used to encrypt other communications such as
email, messaging, and voice over IP (VoIP).
 In this article we will focus on the role of TLS in web application
security.
 TLS was proposed by the Internet Engineering Task Force (IETF),
an international standards organization, and the first version of
the protocol was published in 1999.
 The most recent version is TLS 1.3, which was published in 2018.
 In computing, Internet Protocol Security is a secure
network protocol suite that authenticates and
encrypts the packets of data to provide secure
encrypted communication between two computers
over an Internet Protocol network.
 It is used in virtual private networks.
 The IP security (IPSec) is an Internet Engineering Task
Force (IETF) standard suite of protocols between 2
communication points across the IP network that
provide data authentication, integrity, and
confidentiality.
 It also defines the encrypted, decrypted and
authenticated packets.
 IPsec can be used to do the following things:
 To encrypt application layer data.
 To provide security for routers sending routing
data across the public internet.
 To provide authentication without encryption,
like to authenticate that the data originates
from a known sender.
 To protect network data by setting up circuits
using IPsec tunneling in which all data
sent between the two endpoints is encrypted, as
with a Virtual Private Network (VPN) connection.
 DNSSEC stands for Domain Name
System Security Extensions, and it is a
technology used to protect information on
the Domain Name System (DNS) which is
used on IP networks.
 It provides authentication for the origin of
the DNS data, helping to safeguard against
attacks and protect data integrity.
 Like many Internet protocols, the DNS system was not
designed with security in mind and contains several design
limitations.
 These limitations, combined with advances in technology,
have made it easy for attackers to hijack a DNS lookup for
malicious purposes, such as sending a user to a fraudulent
website that can distribute malware or collect personal
information.
 DNS Security Extensions (DNSSEC) is a security protocol
created to mitigate this problem.
 DNSSEC protects against attacks by digitally signing data
to help ensure its validity.
 In order to ensure a secure lookup, the signing must
happen at every level in the DNS lookup process.
 This signing process is similar to someone signing a
legal document with a pen; that person signs with a
unique signature that no one else can create, and a
court expert can look at that signature and verify that
the document was signed by that person.
 These digital signatures ensure that data has not been
tampered with.
 DNSSEC implements a hierarchical digital signing
policy across all layers of DNS.
 For example, in the case of a ‘google.com’ lookup,
a root DNS server would sign a key for the .COM
nameserver, and the .COM nameserver would then
sign a key for google.com’s authoritative nameserver.
 While improved security is always preferred, DNSSEC
is designed to be backwards-compatible to ensure
that traditional DNS lookups still resolve correctly,
albeit without the added security.
 DNSSEC is meant to work with other security
measures like SSL/TLS as part of a holistic Internet
security strategy.
 DNSSEC creates a parent-child chain of trust that
travels all the way up to the root zone.
 This chain of trust cannot be compromised at any
layer of DNS, or else the request will become open to
an on-path attack.
Basic Cryptography unit 4 CSS

More Related Content

PPTX
Cryptography
PPTX
Symmetric and Asymmetric Encryption
PPTX
Symmetric and asymmetric key
PPTX
Cryptography
PPTX
Cryptography
PDF
18CS2005 Cryptography and Network Security
PPTX
Public Key Cryptosystem
PPTX
Cryptography and network security
Cryptography
Symmetric and Asymmetric Encryption
Symmetric and asymmetric key
Cryptography
Cryptography
18CS2005 Cryptography and Network Security
Public Key Cryptosystem
Cryptography and network security

What's hot (20)

PPT
Introduction to Digital signatures
PDF
Introduction to Cryptography
PPT
Digital Signature
PPT
13 asymmetric key cryptography
PPTX
Cryptography
PDF
Cloud Security And Privacy
PPT
6. cryptography
PDF
Transposition cipher
PPT
Authentication Protocols
PPT
Cryptography and Network Security
PPTX
Cryptanalysis
PPT
Fundamentals of cryptography
PPTX
Cryptography
PPTX
Web Security
PPTX
Cryptography.ppt
PPT
Diffie-hellman algorithm
PPT
Ch11 Basic Cryptography
PPT
Email Security : PGP & SMIME
PPT
Cryptography Intro
Introduction to Digital signatures
Introduction to Cryptography
Digital Signature
13 asymmetric key cryptography
Cryptography
Cloud Security And Privacy
6. cryptography
Transposition cipher
Authentication Protocols
Cryptography and Network Security
Cryptanalysis
Fundamentals of cryptography
Cryptography
Web Security
Cryptography.ppt
Diffie-hellman algorithm
Ch11 Basic Cryptography
Email Security : PGP & SMIME
Cryptography Intro
Ad

Similar to Basic Cryptography unit 4 CSS (20)

PDF
Secure 3 kany-vanda
PPTX
Network security
PPTX
Encryption techniques
PPT
Lecture 7 - CRYPTOGRAPHYpptof my presentation.ppt
PDF
Computer security module 3
PPT
network security
PPTX
Key distribution code.ppt
PPTX
Introduction to Cryptography CYB 303.pptx
PPTX
3 public key cryptography
PPTX
Cyptography and network security unit 3-1
PPT
Cryptography
PPT
Cryptography
PPTX
Principles of public key cryptography and its Uses
PDF
Achieving data integrity by forming the digital signature using RSA and SHA-1...
PPTX
CompTIASecPLUS-Part6 - UnlimitedEdited.pptx
ODP
Applying Security Algorithms Using openSSL crypto library
PPT
Unit - 3.ppt
PPT
Crypt
PPTX
Cryptography and network security
PPTX
CNS 3RD UNIT PPT.pptx
Secure 3 kany-vanda
Network security
Encryption techniques
Lecture 7 - CRYPTOGRAPHYpptof my presentation.ppt
Computer security module 3
network security
Key distribution code.ppt
Introduction to Cryptography CYB 303.pptx
3 public key cryptography
Cyptography and network security unit 3-1
Cryptography
Cryptography
Principles of public key cryptography and its Uses
Achieving data integrity by forming the digital signature using RSA and SHA-1...
CompTIASecPLUS-Part6 - UnlimitedEdited.pptx
Applying Security Algorithms Using openSSL crypto library
Unit - 3.ppt
Crypt
Cryptography and network security
CNS 3RD UNIT PPT.pptx
Ad

More from Dr. SURBHI SAROHA (20)

PPTX
Deep learning(UNIT 3) BY Ms SURBHI SAROHA
PPTX
MOBILE COMPUTING UNIT 2 by surbhi saroha
PPTX
Mobile Computing UNIT 1 by surbhi saroha
PPTX
DEEP LEARNING (UNIT 2 ) by surbhi saroha
PPTX
Introduction to Deep Leaning(UNIT 1).pptx
PPTX
Cloud Computing (Infrastructure as a Service)UNIT 2
PPTX
Management Information System(Unit 2).pptx
PPTX
Searching in Data Structure(Linear search and Binary search)
PPTX
Management Information System(UNIT 1).pptx
PPTX
Introduction to Cloud Computing(UNIT 1).pptx
PPTX
JAVA (UNIT 5)
PPTX
DBMS (UNIT 5)
PPTX
DBMS UNIT 4
PPTX
JAVA(UNIT 4)
PPTX
OOPs & C++(UNIT 5)
PPTX
OOPS & C++(UNIT 4)
PPTX
DBMS UNIT 3
PPTX
JAVA (UNIT 3)
PPTX
Keys in dbms(UNIT 2)
PPTX
DBMS (UNIT 2)
Deep learning(UNIT 3) BY Ms SURBHI SAROHA
MOBILE COMPUTING UNIT 2 by surbhi saroha
Mobile Computing UNIT 1 by surbhi saroha
DEEP LEARNING (UNIT 2 ) by surbhi saroha
Introduction to Deep Leaning(UNIT 1).pptx
Cloud Computing (Infrastructure as a Service)UNIT 2
Management Information System(Unit 2).pptx
Searching in Data Structure(Linear search and Binary search)
Management Information System(UNIT 1).pptx
Introduction to Cloud Computing(UNIT 1).pptx
JAVA (UNIT 5)
DBMS (UNIT 5)
DBMS UNIT 4
JAVA(UNIT 4)
OOPs & C++(UNIT 5)
OOPS & C++(UNIT 4)
DBMS UNIT 3
JAVA (UNIT 3)
Keys in dbms(UNIT 2)
DBMS (UNIT 2)

Recently uploaded (20)

PDF
Microbial disease of the cardiovascular and lymphatic systems
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PDF
Insiders guide to clinical Medicine.pdf
PDF
Business Ethics Teaching Materials for college
PDF
TR - Agricultural Crops Production NC III.pdf
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
PPTX
Cell Structure & Organelles in detailed.
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
PDF
Complications of Minimal Access Surgery at WLH
PDF
Classroom Observation Tools for Teachers
PDF
Pre independence Education in Inndia.pdf
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
PDF
O7-L3 Supply Chain Operations - ICLT Program
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
PDF
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
PDF
RMMM.pdf make it easy to upload and study
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
PDF
01-Introduction-to-Information-Management.pdf
Microbial disease of the cardiovascular and lymphatic systems
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
Insiders guide to clinical Medicine.pdf
Business Ethics Teaching Materials for college
TR - Agricultural Crops Production NC III.pdf
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
Cell Structure & Organelles in detailed.
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
Complications of Minimal Access Surgery at WLH
Classroom Observation Tools for Teachers
Pre independence Education in Inndia.pdf
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
O7-L3 Supply Chain Operations - ICLT Program
human mycosis Human fungal infections are called human mycosis..pptx
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
RMMM.pdf make it easy to upload and study
Abdominal Access Techniques with Prof. Dr. R K Mishra
01-Introduction-to-Information-Management.pdf

Basic Cryptography unit 4 CSS

  • 2.  Public key cryptography  RSA public key crypto  Digital signature  Hash functions  Public key distribution  Real world protocols  Basic terminologies  Email security certificates  Transport Layer securityTLS  IP security  DNS security
  • 3.  Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.  The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions.  Effective security only requires keeping the private key private;  the public key can be openly distributed without compromising security.
  • 4.  In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.  This allows, for instance, a server to generate a cryptographic key intended for symmetric-key cryptography, then use a client's openly- shared public key to encrypt that newly-generated symmetric key.  Now, the server can send this encrypted symmetric key on insecure channels to the client, and only the client can decrypt it using the client's private key pair to the public key used by the server to encrypt this message.  With the client and server both having the same symmetric key now, they can safely transition to symmetric key encryption to securely communicate back and forth on otherwise-insecure channels.  This has the advantage of not having to manually pre-share symmetric keys, while also gaining the higher data throughput advantage of symmetric-key cryptography over asymmetric key cryptography.
  • 5.  With public-key cryptography, robust authentication is also possible.  A sender can combine a message with a private key to create a short digital signature on the message.  Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key.
  • 8.  RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission.  It is also one of the oldest.The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.  An equivalent system was developed secretly, in 1973 at GCHQ (the British signals intelligence agency), by the English mathematician Clifford Cocks.That system was declassified in 1997.
  • 9.  In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private).  An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value.  The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers.
  • 10.  The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the "factoring problem".  Breaking RSA encryption is known as the RSA problem.  Whether it is as difficult as the factoring problem is an open question.  There are no published methods to defeat the system if a large enough key is used.  RSA is a relatively slow algorithm. Because of this, it is not commonly used to directly encrypt user data.  More often, RSA is used to transmit shared keys for symmetric key cryptography, which are then used for bulk encryption-decryption.
  • 11.  A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.  A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.  A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
  • 13.  A hash function is any function that can be used to map data of arbitrary size to fixed-size values.  The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.  Hash functions are extremely useful and appear in almost all information security applications.  A hash function is a mathematical function that converts a numerical input value into another compressed numerical value.  The input to the hash function is of arbitrary length but output is always of fixed length.
  • 15.  Public key can be distributed in 4 ways:  Public announcement,  Publicly available directory,  Public-key authority, and  Public-key certificates.  These are explained as following below.  Public Announcement: Here the public key is broadcasted to everyone.  Major weakness of this method is forgery.  Anyone can create a key claiming to be someone else and broadcast it.  Until forgery is discovered can masquerade as claimed user.
  • 17.  Publicly Available Directory: In this type, the public key is stored at a public directory.  Directories are trusted here, with properties like Participant Registration, access and allow to modify values at any time, contains entries like {name, public-key}.  Directories can be accessed electronically still vulnerable to forgery or tampering.
  • 18.  Public Key Authority: It is similar to the directory but, improve security by tightening control over distribution of keys from directory.  It requires users to know public key for the directory.  Whenever the keys are needed, a real-time access to directory is made by the user to obtain any desired public key securely.
  • 19.  Public Certification: This time authority provides a certificate (which binds identity to the public key) to allow key exchange without real-time access to the public authority each time.  The certificate is accompanied with some other info such as period of validity, rights of use etc.  All of this content is signed by the trusted Public-Key or Certificate Authority (CA) and it can be verified by anyone possessing the authority’s public-key.
  • 20.  The typical cryptographic protocols include the Secure Socket Layer Protocol (SSL) and its variant,Transport Layer Security Protocol (TLS), the Internet Key Exchange Protocol (IKE) and the Kerberos Authentication Protocol.  A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.  A protocol describes how the algorithms should be used.  A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program  For example,Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTPS) connections.  It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public- key cryptography; and an application-level data transport function.  These three aspects have important interconnections.  StandardTLS does not have non-repudiation support.
  • 21.  Asymmetric Algorithm An algorithm in which the key used for encryption is different from that used for decryption. Also known as public key cryptography.Block Cipher An algorithm that encrypts data in blocks, commonly of 64 bits each.  CAST A 64-bit block cipher, developed in Canada by CarlisleAdams and StaffordTavares.  Cipher A cryptographic algorithm, i.e. a mathematical function used for encryption and decryption.  Clipper Originally the name for a tamper-resistant encryption chip designed by the U.S. National Security Agency for voice encryption.The chip has built-in key escrow features to facilitate wire-tapping.The term has subsequently been applied to further attempts by the US government to introduce key escrow provisions, the latest variation being the key recovery plan of October 1996, dubbed Clipper 4.
  • 22.  DES: Digital Encryption Standard. A symmetric block cipher using a 56-bit key which was originally developed by the US National Institute of Standards and Technology (NIST) in 1977 as a standard encryption algorithm. In 1999, the Electronic Frontier Foundation (USA) developed a machine to demonstrate that DES could be broken in a few hours with a brute-force attack. Encryption using single DES is generally no longer considered to be secure. (See Triple DES.)  Diffie-Hellman: A public-key algorithm, invented in 1976.  DH/DSS: A type of key used in PGP since version 5.0. Contains a Diffie-Hellman key of between 1024 and 4096 bits for encryption and a 1024-bit DSS key for digital signatures.  DSS: Digital Signature Standard. A proposed standard for digital signatures using the Digital Signature Algorithm.  Digital Signature: An encrypted message digest which is appended to a plaintext or encrypted message to verify the identity of the sender. The signature is encrypted with the user's private key and can only be decrypted with the corresponding public key. The same key pairs may be used for signature and encryption purposes, but separate key pairs for each purpose are usually recommended.
  • 23.  IDEA: International Data Encryption Algorithm. It was introduced in 1992 as a potential alternative to DES and is regarded as very secure. It is a block cipher using a symmetric algorithm based on a 128-bit key. IDEA is the data encryption algorithm used in PGP.  Key: A value that is used to encrypt or decrypt a message.  Key Escrow: A concept that originated with the Clipper Chip program, by which a secret or private key is split and the two parts held by escrow agencies against the possibility that the key may be required for law enforcement surveillance or national security purposes.  Key Recovery: A key escrow system which relies on a trusted party to recover a user's confidential keys for use by law enforcement or national security agencies acting under "proper authority". The trusted recovery party might in some cases be internal to the user's organization, but in all cases notice to surveillance targets that their key information had been released would be prohibited. Key recovery is central to the US government's new encryption policy announced in October 1996.  PGP: A complete public-key cryptosystem for electronic messaging that has been released to the public domain. It was originally designed by Phil Zimmermann. It uses IDEA, CAST or Triple DES for actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public key is used to encrypt the IDEA secret key as part of the message.
  • 24.  PKAF: Public Key Authentication Framework. A system for authenticating digital signatures based on a hierarchy of trusted signatures.  Private Key: The secret part of a private key/public key pair used in public key cryptography. The Private Key is normally known only to the key owner. Messages are encrypted using the Public Key and decrypted using the Private Key. For digital signatures, however, a document is signed with a Private Key and authenticated with the corresponding Public Key.  Public Key Cryptography: A concept first proposed by Diffie and Hellman in 1975 that has been largely responsible for opening up the science of cryptography for commercial use. The encryption key is made public but only the person who holds the corresponding private key can decrypt the message.  RSA: The best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman. RSA uses public and private keys that are functions of a pair of large prime numbers. The algorithm is best known for its application in PGP. It is patented in the USA only.  Steganography: A method of hiding a secret message in another message, e.g. within a graphic image.  Symmetric Algorithm: An encryption algorithm where the encryption key is the same as the decryption key, or where one key is easily calculated from the other. The sender and receiver have to agree on a key before they can communicate securely.  Triple DES: A method of vastly increasing the security of DES by encrypting 3 times with different keys.
  • 25.  An email certificate is a digital file that is installed in your email application to enable secure email communication.  These certificates are known by many names: email security certificates, email encryption certificates, S/MIME certificates, etc. S/MIME, which stands for “secure/multipurpose internet mail extension,” is a certificate that allows users to digitally sign their email communications as well as encrypt the content and attachments included in them.  Not only does this authenticate the identity of the sender to the recipient, but it also protects the integrity of the email data before it is transmitted across the internet.
  • 26.  In a nutshell, an S/MIME email certificate allows you to:  Encrypt your emails so that only your intended recipient can access the content of the message.  Digitally sign your emails so the recipient can verify that the email was, in fact, sent by you and not a phisher posing as you.  The way that an email encryption certificate works is by using asymmetric encryption.  It uses a public key to encrypt the email and send it so that the recipient, who has the matching private key, can decrypt the entire message (and any attachments) automatically.  Asymmetric encryption is also what’s behind the SSL/TLS protocol as well as cryptocurrencies.
  • 27.  Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network.  Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP.
  • 28.  Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.  A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.  TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).  In this article we will focus on the role of TLS in web application security.  TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organization, and the first version of the protocol was published in 1999.  The most recent version is TLS 1.3, which was published in 2018.
  • 29.  In computing, Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network.  It is used in virtual private networks.  The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality.  It also defines the encrypted, decrypted and authenticated packets.
  • 30.  IPsec can be used to do the following things:  To encrypt application layer data.  To provide security for routers sending routing data across the public internet.  To provide authentication without encryption, for example to authenticate that the data originates from a known sender.  To protect network data by setting up circuits using IPsec tunneling, in which all data sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.
  • 31.  DNSSEC stands for Domain Name System Security Extensions, and it is a technology used to protect information on the Domain Name System (DNS) which is used on IP networks.  It provides authentication for the origin of the DNS data, helping to safeguard against attacks and protect data integrity.
  • 32.  Like many Internet protocols, the DNS system was not designed with security in mind and contains several design limitations.  These limitations, combined with advances in technology, have made it easy for attackers to hijack a DNS lookup for malicious purposes, such as sending a user to a fraudulent website that can distribute malware or collect personal information.  DNS Security Extensions (DNSSEC) is a security protocol created to mitigate this problem.  DNSSEC protects against attacks by digitally signing data to help ensure its validity.  In order to ensure a secure lookup, the signing must happen at every level in the DNS lookup process.
  • 33.  This signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person.  These digital signatures ensure that data has not been tampered with.  DNSSEC implements a hierarchical digital signing policy across all layers of DNS.  For example, in the case of a ‘google.com’ lookup, a root DNS server would sign a key for the .COM nameserver, and the .COM nameserver would then sign a key for google.com’s authoritative nameserver.
  • 34.  While improved security is always preferred, DNSSEC is designed to be backwards-compatible to ensure that traditional DNS lookups still resolve correctly, albeit without the added security.  DNSSEC is meant to work with other security measures like SSL/TLS as part of a holistic Internet security strategy.  DNSSEC creates a parent-child chain of trust that travels all the way up to the root zone.  This chain of trust cannot be compromised at any layer of DNS, or else the request will become open to an on-path attack.
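
Added example (not part of the original slides): the CA-signed certificate of slide 19 and the DNSSEC chain of trust of slides 33 and 34 follow the same pattern, sketched here in Python. Textbook RSA over small constructed keys stands in for a real signature algorithm so the code runs on the standard library alone; the dictionary layout, function names and integer timestamps are assumptions, and real DNSSEC record formats are not reproduced.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1 (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def body(name, n, not_after):
    """Bytes the issuer signs: identity, public key and expiry, bound together."""
    return f"{name}|{n}|{not_after}".encode()

def issue(name, n, not_after, issuer_n, issuer_d):
    return {"name": name, "n": n, "not_after": not_after,
            "sig": sign(body(name, n, not_after), issuer_n, issuer_d)}

def validate(anchor_n, chain, record, record_sig, now):
    """Walk down from the trust anchor; report the first layer that fails."""
    signer_n = anchor_n
    for c in chain:
        if not verify(body(c["name"], c["n"], c["not_after"]), c["sig"], signer_n):
            return f"bad signature on {c['name']}"
        if now > c["not_after"]:
            return f"expired: {c['name']}"
        signer_n = c["n"]  # this key is now trusted to vouch for the next layer
    return "ok" if verify(record, record_sig, signer_n) else "bad signature on record"

# Constructed sample data: three toy keys, timestamps as plain integers.
ROOT, COM, ZONE = keypair(61, 89), keypair(107, 127), keypair(521, 607)
CHAIN = [issue("com.", COM[0], 2000, *ROOT),
         issue("google.com.", ZONE[0], 2000, *COM)]
RECORD = b"google.com. A 192.0.2.10"  # constructed answer, documentation address
RECORD_SIG = sign(RECORD, *ZONE)

if __name__ == "__main__":
    print(validate(ROOT[0], CHAIN, RECORD, RECORD_SIG, now=1000))
    rogue = dict(CHAIN[0], n=keypair(61, 107)[0])  # key swapped at the .com layer
    print(validate(ROOT[0], [rogue, CHAIN[1]], RECORD, RECORD_SIG, now=1000))
```

The validator needs only the root public key in advance; every other key is accepted solely because the layer above signed it, which is why a substitution at any single layer is detected.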