SlideShare a Scribd company logo

Cryptography

A
amiable_indian

Cryptography involves encrypting and decrypting information using algorithms and keys. There are two main types: public key cryptography uses different keys for encryption and decryption while private (symmetric) key cryptography uses the same key. Digital signatures provide authentication by encrypting a hash of a message with a private key so receivers can validate the sender. Key management and distribution present challenges to ensure secrecy and prevent unauthorized access.

TechnologyEducation
1 of 31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Cryptography Basic concepts and terms Public/Private Key Algorithms Key Distribution/Management Digital Signatures Miscellaneous Crypto
Crytpo Intro Why Encrypt? Protect stored information Protect Encryption - process by which plaintext is converted to ciphertext using a key Decryption - process by which ciphertext is converted to plaintext (with the appropriate key) plaintext (cleartext)- intelligible data
Crypto Terms Cryptography - art/science relating to encrypting, decrypting information cryptanalysis - art/science relating to converting ciphertext to plaintext without the (secret) key Link encryption - the individual application of encryption to data on each link of a network (nodes are a weak link) end-to-end encryption - the encryption of data from source system to end system (https)
Crypto Terms Repudiation - In communication between parties, Denial by one party of having participated in communication (commonly heard as non-repudiation) Traffic analysis - inference of information from analysis of traffic (presence, absence, frequency, etc.) Traffic padding - generation of spurious data units Work Factor - effort/time needed to overcome a protective measure
One - Time Pad Two identical pads (keys), one with sender, one with recipient The random pads (keys) are the same length as the message Unbreakable by exhaustive search Relies on physical security of the pads Pads can only be used once
Cryptanalysis Terms Ciphertext-only attack - attacker attempts to decrypt ciphertext Known-plaintext attack - attacker attempts to decrypt ciphertext given knowledge of some plaintext (think “Login: “) Chosen-plaintext attack - attacker obtains ciphertext corresponding to selected plaintext Chosen-ciphertext attack - attacker obtains plaintext corresponding to selected ciphertext (in a public key system, when trying to deduce private key)
Crypto System Properties Encryption/decryption transformations must be efficient for all keys System must be easy to use The security of the system should depend ONLY on the secrecy of the keys and not on the secrecy of the encryption/decryption transformations
Secrecy Requirements If ciphertext and plaintext are known, it should be computationally infeasible to determine the deciphering algorithm It should be computationally infeasible to systematically determine plaintext from intercepted ciphertext (Even if you decrypt ciphertext once, it should require the same amount of work to do it again.) Note: “systematically” allows for a lucky guess Note: “Computationally infeasible” means great effort, doesn’t account for advances in computing, mathematics
Authenticity Requirements If ciphertext and plaintext are known, it should be computationally infeasible to determine the enciphering algorithm It should be computationally infeasible to find valid ciphertext (Even if you encrypt plaintext so that it can be decrypted once, it should require the same amount of work to do it again.)
Public vs. Private Key Encryption Private key encryption uses the same key for both encryption and decryption (faster) (DES) Private key encryption known as symmetric Public key encryption uses two different keys, one to decrypt and one to encrypt (RSA) Thus, one key can be “public”, because the other key is still necessary for decryption More complex, key management is an issue Public key encryption known as asymmetric
Encipherment Modes Block Mode ciphers - Message broken into blocks, each block encrypted separately blocks of identical plaintext have identical ciphertext replay and substitution attacks easier (insertion or deletion of blocks Block chaining - parts of the previous block are inserted into the current block makes replay and substitution attacks much harder DES is a block cipher
Encipherment Modes Stream Ciphers - Message broken into characters or bits and enciphered with a “key stream” key stream - should be random and generated independently of the message stream
Digital Encryption Standard ( DES) Developed by IBM in 1972 Never approved for national security applications 64-bit plain & cipher text block size 56-bit true key plus 8 parity bits Single chip (hardware) implementation Most implementations now software 16 rounds of transpositions & substitutions Standard for unclassified government data symmetric, private key
Applications of DES Double DES Effective key length of 112 bits Work factor about the same as single DES Triple DES Encrypt with first key Decrypt with second key Encrypt with first key Very secure
Public key RSA - Rivest, Shamir, and Adleman Introduced in 1976 Relies on factoring of large numbers Elliptic Curve Cryptosystem (ECC) Highest strength/bit of public key stream Big savings over other public key systems Computation Bandwidth Storage
Strength Comparison
Key Selection Similar to password selection, users are the weak link Random number generators may not be random Key clustering - two different keys produce equivalent ciphertext from equivalent plaintext
Key Management Using a public key system, A wants to talk to B C is the Key Distribution Center, has A and B’s public key A calls B, and the calling protocol contacts C C encrypts a session key, “k”, with the public keys and sends the encrypted “k” to A and B A and B can then communicate
Key Management Issues Key storage, recovery Key revocation (lost, compromised keys) Must be fully automated No key in clear outside crypto system Choose key randomly from entire key space Key-encrypting key must be separate from data keys Infrequently use keys with long life
Key Escrow Separate agencies maintain components of private key, which, when combined, can be used to decrypt ciphertext Stated reason is to decrypt drug related communications Clipper chip is an example secret algorithm Unpopular, unused Issues include key storage, Big Brother
Digital Signature Used like a written signature, binds a message to an individual (Provides non-repudiation): S is sender, R is recipient, and M is the Message R must be able to validate S’s signature on M No one can forge S’s signature If S denies signing M, a 3rd party must be able to resolve the dispute between S and R Easy with public key encryption - S encrypts with private key, R can decrypt with public (so can 3rd party)
Digital Signature Previous method results in M in ciphertext, anyone without S’s public key cannot view An alternative is to compute a digest of the message using a public hash function, then encrypt the digest using private key. Thus, the only ciphertext is the hash. MD2, MD4, and MD5 are public hash functions that create message digests. MD5 is strongest, a Rivest upgrade of MD4
Hash Function Hash function produces a message digest message digest also known as fingerprint, imprint 2 messages with the same digest are extremely unlikely Signer can’t claim a different message was signed Recipient can’t claim a different message was signed
Digital Signature Standard (DSS) Uses secure hash algorithm Condenses message to 160 bits Key size 512 - 1024 bits Proposed by NIST in 1991 Adopted???
Message Authentication Code General term used to describe digital signatures
Attacks Brute force attack Attempt to use all keys expensive time consuming But, processing speed doubles every 18 months, Clustered workstations, etc.
Attacks Analytic Use algorithm and algebraic manipulation to reduce complexity Statistical Use statistical weaknesses in design (more 1’s than 0s in keystream on average, for example) Implementation Microsoft - PPTP, LANMAN passwords poor randomization on Netscape key
Kerberos Authentication and encryption system designed at MIT Assigns a unique key, called a “ticket”, to each user on the network “Ticket” embedded in user’s messages to identify sender
Certificate Authority Trusted, 3rd party organization CA (Certificate Authority) guarantees that the individual granted a certificate is who he/she claims to be CA usually has arrangement with financial institution to confirm identity Critical to data security and electronic commerce
Public Key Infrastructure Known as PKI Necessary for widespread electronic commerce No absolute definition or standard A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of parties in Internet transactions
Steganography Art of hiding communications Why? Deny message exists Hide data transmissions (remember the microdot?) Common implementations hide information in graphic files, sound files, or slack space

More Related Content

PPT
6. cryptography
7wounders
 
PPTX
Cryptography
Sidharth Mohapatra
 
PDF
Introduction to Cryptography
Seema Goel
 
PPTX
Cryptography
Darshini Parikh
 
PPTX
Cryptography
EmaSushan
 
PPTX
Cryptography and Information Security
Dr Naim R Kidwai
 
PPTX
cryptography
Abhijeet Singh
 
PPTX
Cryptography
Jens Patel
 
6. cryptography
7wounders
 
Cryptography
Sidharth Mohapatra
 
Introduction to Cryptography
Seema Goel
 
Cryptography
Darshini Parikh
 
Cryptography
EmaSushan
 
Cryptography and Information Security
Dr Naim R Kidwai
 
cryptography
Abhijeet Singh
 
Cryptography
Jens Patel
 

What's hot (20)

PPTX
Rsa cryptosystem
Abhishek Gautam
 
PPTX
Introduction to Cryptography
Md. Afif Al Mamun
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
Cryptography.ppt
Uday Meena
 
PDF
Cryptography
Kalyani Government Engineering College
 
PPT
Fundamentals of cryptography
Hossain Md Shakhawat
 
PPTX
Cryptography
subodh pawar
 
PDF
2. Stream Ciphers
Sam Bowne
 
PPTX
Digital certificates
Buddhika Karunanayaka
 
PPTX
Cryptography
herrberk
 
PPTX
Elgamal & schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
PPT
Cryptography
Suhepi Saputri
 
PDF
Asymmetric Cryptography
UTD Computer Security Group
 
PPT
Digital Signature Standard
Sou Jana
 
PPTX
Symmetric and asymmetric key cryptography
MONIRUL ISLAM
 
PPT
Cryptography
IGZ Software house
 
PPTX
Transport Layer Security (TLS)
Arun Shukla
 
PPTX
Cryptography and network security
patisa
 
PDF
Introduction to Cryptography
Popescu Petre
 
PPTX
Cryptography
Sagar Janagonda
 
Rsa cryptosystem
Abhishek Gautam
 
Introduction to Cryptography
Md. Afif Al Mamun
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Cryptography.ppt
Uday Meena
 
Cryptography
Kalyani Government Engineering College
 
Fundamentals of cryptography
Hossain Md Shakhawat
 
Cryptography
subodh pawar
 
2. Stream Ciphers
Sam Bowne
 
Digital certificates
Buddhika Karunanayaka
 
Cryptography
herrberk
 
Elgamal & schnorr digital signature scheme copy
North Cap University (NCU) Formely ITM University
 
Cryptography
Suhepi Saputri
 
Asymmetric Cryptography
UTD Computer Security Group
 
Digital Signature Standard
Sou Jana
 
Symmetric and asymmetric key cryptography
MONIRUL ISLAM
 
Cryptography
IGZ Software house
 
Transport Layer Security (TLS)
Arun Shukla
 
Cryptography and network security
patisa
 
Introduction to Cryptography
Popescu Petre
 
Cryptography
Sagar Janagonda
 
Ad

Viewers also liked (20)

PDF
Public private key
StudsPlanet.com
 
PDF
Public key cryptography
Israel Herraiz
 
PDF
Public Key Authentication With SSH
Don Norwood
 
PPTX
Public Key Cryptosystem
Devakumar Kp
 
KEY
Alice & bob public key cryptography 101
Joshua Thijssen
 
PPTX
3 public key cryptography
Rutvik Mehta
 
PPT
PUBLIC KEY ENCRYPTION
raf_slide
 
PPTX
Cryptography.ppt
kusum sharma
 
PDF
Key Management Schemes for Secure Communication in Heterogeneous Sensor Networks
IDES Editor
 
PPT
Handout infosec defense-mechanism-y3dips
Ammar WK
 
PPT
Cryptography
Sajal Agarwal
 
PDF
Contributory broadcast encryption with efficient encryption and short ciphert...
Shakas Technologies
 
PDF
Cryptoppt
Meenakshi Tripathi
 
PPTX
Attack lecture #2 ppt
vasanthimuniasamy
 
PPTX
Ppt.1
veeresh35
 
PPT
Public Key Cryptography
anusachu .
 
PDF
Ieee 2015 2016
Focuslogic Walaja
 
PPTX
Introduction to SSH & PGP
Sarang Ananda Rao
 
PPTX
Message digest & digital signature
Dinesh Kodam
 
PPTX
Image Encryption in java ppt.
Pradeep Vishwakarma
 
Public private key
StudsPlanet.com
 
Public key cryptography
Israel Herraiz
 
Public Key Authentication With SSH
Don Norwood
 
Public Key Cryptosystem
Devakumar Kp
 
Alice & bob public key cryptography 101
Joshua Thijssen
 
3 public key cryptography
Rutvik Mehta
 
PUBLIC KEY ENCRYPTION
raf_slide
 
Cryptography.ppt
kusum sharma
 
Key Management Schemes for Secure Communication in Heterogeneous Sensor Networks
IDES Editor
 
Handout infosec defense-mechanism-y3dips
Ammar WK
 
Cryptography
Sajal Agarwal
 
Contributory broadcast encryption with efficient encryption and short ciphert...
Shakas Technologies
 
Cryptoppt
Meenakshi Tripathi
 
Attack lecture #2 ppt
vasanthimuniasamy
 
Ppt.1
veeresh35
 
Public Key Cryptography
anusachu .
 
Ieee 2015 2016
Focuslogic Walaja
 
Introduction to SSH & PGP
Sarang Ananda Rao
 
Message digest & digital signature
Dinesh Kodam
 
Image Encryption in java ppt.
Pradeep Vishwakarma
 
Ad

Similar to Cryptography (20)

PPT
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
PPT
Network Security and Cryptography
Adam Reagan
 
PPT
Cryptography Lecture by Sam Bowne
SecurityTube.Net
 
PPTX
Cryptography
Pratiksha Patil
 
PPT
Introduction To PKI Technology
Sylvain Maret
 
PPTX
Encryption techniques
MohitManna
 
PPTX
Cryptography and network security
Nagendra Um
 
PPTX
Security - ch3.pptx
GebrehanaAlemaw
 
PPT
Rothke Info Security Canada 2007 Final
Ben Rothke
 
PDF
Cryptology - The practice and study of hiding information
Bitcoin Association of Australia
 
PPTX
Security - ch3.pptx
HabtamuHaileMichael2
 
PPT
Day5
Jai4uk
 
PDF
Chapter 8 cryptography lanjutan
newbie2019
 
PPT
1329 n 9460
kicknit123
 
PPTX
Security
Saqib Shehzad
 
PPT
Lecture 7 - CRYPTOGRAPHYpptof my presentation.ppt
FarooqKhurshid1
 
PPTX
CNS 3RD UNIT PPT.pptx
pjeraids
 
PPT
Network security
Ramasubbu .P
 
DOC
DOCS ON NETWORK SECURITY
Tuhin_Das
 
PDF
cryptography
Balaji Ravi
 
Ch12 Cryptography it-slideshares.blogspot.com
phanleson
 
Network Security and Cryptography
Adam Reagan
 
Cryptography Lecture by Sam Bowne
SecurityTube.Net
 
Cryptography
Pratiksha Patil
 
Introduction To PKI Technology
Sylvain Maret
 
Encryption techniques
MohitManna
 
Cryptography and network security
Nagendra Um
 
Security - ch3.pptx
GebrehanaAlemaw
 
Rothke Info Security Canada 2007 Final
Ben Rothke
 
Cryptology - The practice and study of hiding information
Bitcoin Association of Australia
 
Security - ch3.pptx
HabtamuHaileMichael2
 
Day5
Jai4uk
 
Chapter 8 cryptography lanjutan
newbie2019
 
1329 n 9460
kicknit123
 
Security
Saqib Shehzad
 
Lecture 7 - CRYPTOGRAPHYpptof my presentation.ppt
FarooqKhurshid1
 
CNS 3RD UNIT PPT.pptx
pjeraids
 
Network security
Ramasubbu .P
 
DOCS ON NETWORK SECURITY
Tuhin_Das
 
cryptography
Balaji Ravi
 

More from amiable_indian (20)

PDF
Phishing As Tragedy of the Commons
amiable_indian
 
PDF
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
PDF
Secrets of Top Pentesters
amiable_indian
 
PPS
Workshop on Wireless Security
amiable_indian
 
PDF
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
PPS
Workshop on BackTrack live CD
amiable_indian
 
PPS
Reverse Engineering for exploit writers
amiable_indian
 
PPS
State of Cyber Law in India
amiable_indian
 
PPS
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
PPS
Reverse Engineering v/s Secure Coding
amiable_indian
 
PPS
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
PPS
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
PPS
Immune IT: Moving from Security to Immunity
amiable_indian
 
PPS
Reverse Engineering for exploit writers
amiable_indian
 
PPS
Hacking Client Side Insecurities
amiable_indian
 
PDF
Web Exploit Finder Presentation
amiable_indian
 
PPT
Network Security Data Visualization
amiable_indian
 
PPT
Enhancing Computer Security via End-to-End Communication Visualization
amiable_indian
 
PDF
Top Network Vulnerabilities Over Time
amiable_indian
 
PDF
What are the Business Security Metrics?
amiable_indian
 
Phishing As Tragedy of the Commons
amiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
Secrets of Top Pentesters
amiable_indian
 
Workshop on Wireless Security
amiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
Workshop on BackTrack live CD
amiable_indian
 
Reverse Engineering for exploit writers
amiable_indian
 
State of Cyber Law in India
amiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
Reverse Engineering v/s Secure Coding
amiable_indian
 
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
Immune IT: Moving from Security to Immunity
amiable_indian
 
Reverse Engineering for exploit writers
amiable_indian
 
Hacking Client Side Insecurities
amiable_indian
 
Web Exploit Finder Presentation
amiable_indian
 
Network Security Data Visualization
amiable_indian
 
Enhancing Computer Security via End-to-End Communication Visualization
amiable_indian
 
Top Network Vulnerabilities Over Time
amiable_indian
 
What are the Business Security Metrics?
amiable_indian
 

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Cloud computing and distributed systems.
kkkkkhan
 
KodekX | Application Modernization Development
KodekX
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Teaching material agriculture food technology
LiaRayya
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Approach and Philosophy of On baking technology
30anthuong17
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 

Cryptography

  • 1. Cryptography Basic concepts and terms Public/Private Key Algorithms Key Distribution/Management Digital Signatures Miscellaneous Crypto
  • 2. Crytpo Intro Why Encrypt? Protect stored information Protect Encryption - process by which plaintext is converted to ciphertext using a key Decryption - process by which ciphertext is converted to plaintext (with the appropriate key) plaintext (cleartext)- intelligible data
  • 3. Crypto Terms Cryptography - art/science relating to encrypting, decrypting information cryptanalysis - art/science relating to converting ciphertext to plaintext without the (secret) key Link encryption - the individual application of encryption to data on each link of a network (nodes are a weak link) end-to-end encryption - the encryption of data from source system to end system (https)
  • 4. Crypto Terms Repudiation - In communication between parties, Denial by one party of having participated in communication (commonly heard as non-repudiation) Traffic analysis - inference of information from analysis of traffic (presence, absence, frequency, etc.) Traffic padding - generation of spurious data units Work Factor - effort/time needed to overcome a protective measure
  • 5. One - Time Pad Two identical pads (keys), one with sender, one with recipient The random pads (keys) are the same length as the message Unbreakable by exhaustive search Relies on physical security of the pads Pads can only be used once
  • 6. Cryptanalysis Terms Ciphertext-only attack - attacker attempts to decrypt ciphertext Known-plaintext attack - attacker attempts to decrypt ciphertext given knowledge of some plaintext (think “Login: “) Chosen-plaintext attack - attacker obtains ciphertext corresponding to selected plaintext Chosen-ciphertext attack - attacker obtains plaintext corresponding to selected ciphertext (in a public key system, when trying to deduce private key)
  • 7. Crypto System Properties Encryption/decryption transformations must be efficient for all keys System must be easy to use The security of the system should depend ONLY on the secrecy of the keys and not on the secrecy of the encryption/decryption transformations
  • 8. Secrecy Requirements If ciphertext and plaintext are known, it should be computationally infeasible to determine the deciphering algorithm It should be computationally infeasible to systematically determine plaintext from intercepted ciphertext (Even if you decrypt ciphertext once, it should require the same amount of work to do it again.) Note: “systematically” allows for a lucky guess Note: “Computationally infeasible” means great effort, doesn’t account for advances in computing, mathematics
  • 9. Authenticity Requirements If ciphertext and plaintext are known, it should be computationally infeasible to determine the enciphering algorithm It should be computationally infeasible to find valid ciphertext (Even if you encrypt plaintext so that it can be decrypted once, it should require the same amount of work to do it again.)
  • 10. Public vs. Private Key Encryption Private key encryption uses the same key for both encryption and decryption (faster) (DES) Private key encryption known as symmetric Public key encryption uses two different keys, one to decrypt and one to encrypt (RSA) Thus, one key can be “public”, because the other key is still necessary for decryption More complex, key management is an issue Public key encryption known as asymmetric
  • 11. Encipherment Modes Block Mode ciphers - Message broken into blocks, each block encrypted separately blocks of identical plaintext have identical ciphertext replay and substitution attacks easier (insertion or deletion of blocks Block chaining - parts of the previous block are inserted into the current block makes replay and substitution attacks much harder DES is a block cipher
  • 12. Encipherment Modes Stream Ciphers - Message broken into characters or bits and enciphered with a “key stream” key stream - should be random and generated independently of the message stream
  • 13. Digital Encryption Standard ( DES) Developed by IBM in 1972 Never approved for national security applications 64-bit plain & cipher text block size 56-bit true key plus 8 parity bits Single chip (hardware) implementation Most implementations now software 16 rounds of transpositions & substitutions Standard for unclassified government data symmetric, private key
  • 14. Applications of DES Double DES Effective key length of 112 bits Work factor about the same as single DES Triple DES Encrypt with first key Decrypt with second key Encrypt with first key Very secure
  • 15. Public key RSA - Rivest, Shamir, and Adleman Introduced in 1976 Relies on factoring of large numbers Elliptic Curve Cryptosystem (ECC) Highest strength/bit of public key stream Big savings over other public key systems Computation Bandwidth Storage
  • 17. Key Selection Similar to password selection, users are the weak link Random number generators may not be random Key clustering - two different keys produce equivalent ciphertext from equivalent plaintext
  • 18. Key Management Using a public key system, A wants to talk to B C is the Key Distribution Center, has A and B’s public key A calls B, and the calling protocol contacts C C encrypts a session key, “k”, with the public keys and sends the encrypted “k” to A and B A and B can then communicate
  • 19. Key Management Issues Key storage, recovery Key revocation (lost, compromised keys) Must be fully automated No key in clear outside crypto system Choose key randomly from entire key space Key-encrypting key must be separate from data keys Infrequently use keys with long life
  • 20. Key Escrow Separate agencies maintain components of private key, which, when combined, can be used to decrypt ciphertext Stated reason is to decrypt drug related communications Clipper chip is an example secret algorithm Unpopular, unused Issues include key storage, Big Brother
  • 21. Digital Signature Used like a written signature, binds a message to an individual (Provides non-repudiation): S is sender, R is recipient, and M is the Message R must be able to validate S’s signature on M No one can forge S’s signature If S denies signing M, a 3rd party must be able to resolve the dispute between S and R Easy with public key encryption - S encrypts with private key, R can decrypt with public (so can 3rd party)
  • 22. Digital Signature Previous method results in M in ciphertext, anyone without S’s public key cannot view An alternative is to compute a digest of the message using a public hash function, then encrypt the digest using private key. Thus, the only ciphertext is the hash. MD2, MD4, and MD5 are public hash functions that create message digests. MD5 is strongest, a Rivest upgrade of MD4
  • 23. Hash Function Hash function produces a message digest message digest also known as fingerprint, imprint 2 messages with the same digest are extremely unlikely Signer can’t claim a different message was signed Recipient can’t claim a different message was signed
  • 24. Digital Signature Standard (DSS) Uses secure hash algorithm Condenses message to 160 bits Key size 512 - 1024 bits Proposed by NIST in 1991 Adopted???
  • 25. Message Authentication Code General term used to describe digital signatures
  • 26. Attacks Brute force attack Attempt to use all keys expensive time consuming But, processing speed doubles every 18 months, Clustered workstations, etc.
  • 27. Attacks Analytic Use algorithm and algebraic manipulation to reduce complexity Statistical Use statistical weaknesses in design (more 1’s than 0s in keystream on average, for example) Implementation Microsoft - PPTP, LANMAN passwords poor randomization on Netscape key
  • 28. Kerberos Authentication and encryption system designed at MIT Assigns a unique key, called a “ticket”, to each user on the network “Ticket” embedded in user’s messages to identify sender
  • 29. Certificate Authority Trusted, 3rd party organization CA (Certificate Authority) guarantees that the individual granted a certificate is who he/she claims to be CA usually has arrangement with financial institution to confirm identity Critical to data security and electronic commerce
  • 30. Public Key Infrastructure Known as PKI Necessary for widespread electronic commerce No absolute definition or standard A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of parties in Internet transactions
  • 31. Steganography Art of hiding communications Why? Deny message exists Hide data transmissions (remember the microdot?) Common implementations hide information in graphic files, sound files, or slack space