Cryptography & Digital Signatures

Similar documents
IT Networks & Security CERT Luncheon Series: Cryptography

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

An Introduction to Cryptography as Applied to the Smart Grid

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

CRYPTOGRAPHY IN NETWORK SECURITY

7! Cryptographic Techniques! A Brief Introduction

Lecture 9: Application of Cryptography

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Chapter 7: Network security

CSE/EE 461 Lecture 23

CPSC 467b: Cryptography and Computer Security

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

How To Encrypt Data With Encryption

Introduction to Encryption

Information Security

Lecture 9 - Network Security TDTS (ht1)

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Overview of Public-Key Cryptography

What is network security?

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Introduction to Cryptography

Chapter 10. Network Security

Lukasz Pater CMMS Administrator and Developer

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

CSCE 465 Computer & Network Security

SECURITY IN NETWORKS

Network Security. HIT Shimrit Tzur-David

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Cryptography and Network Security Chapter 15

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Message authentication and. digital signatures

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Application Layer (1)

PGP from: Cryptography and Network Security

An Introduction to Cryptography and Digital Signatures

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

ICOM 5018 Network Security and Cryptography

Cryptography & Network Security

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

A Standards-based Approach to IP Protection for HDLs

Overview. SSL Cryptography Overview CHAPTER 1

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Application Layer (1)

Chapter 8. Network Security

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Cryptography and Network Security Chapter 14

Network Security Essentials Chapter 7

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Public Key (asymmetric) Cryptography

Associate Prof. Dr. Victor Onomza Waziri

Message Authentication

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

OOo Digital Signatures. Malte Timmermann Technical Architect Sun Microsystems GmbH

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Hash Functions. Integrity checks

Cryptographic Hash Functions Message Authentication Digital Signatures

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Authentication requirement Authentication function MAC Hash function Security of

Content Teaching Academy at James Madison University

Outline. Digital signature. Symmetric-key Cryptography. Caesar cipher. Cryptography basics Digital signature

Cryptography and Network Security

Chapter 6 Electronic Mail Security

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Notes on Network Security Prof. Hemant K. Soni

Lecture 6 - Cryptography

Introduction to Computer Security

Transparent Data Encryption: New Technologies and Best Practices for Database Encryption

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Advanced Authentication

A Question of Key Length

The science of encryption: prime numbers and mod n arithmetic

Savitribai Phule Pune University

CS 758: Cryptography / Network Security

Massachusetts Institute of Technology Handout : Network and Computer Security October 9, 2003 Professor Ronald L. Rivest.

Message Authentication Codes

Secure Network Communications FIPS Non Proprietary Security Policy

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

CIS433/533 - Computer and Network Security Cryptography

Guide to Data Field Encryption

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Authentication, digital signatures, PRNG

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

How To Understand And Understand The History Of Cryptography

Guideline for Implementing Cryptography In the Federal Government

Public Key Encryption and Digital Signature: How do they work?

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

As enterprises conduct more and more

Transcription:

Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H. Sloan

Cryptography The science of sending secret messages Ancient history; people always interested in it Mentioned in Herodotus; the Hebrew Bible

Overview Uses: Secrecy, nonrepudiation, authentication Implementations: Rotor machines (Haeglin, Enigma) Computers, specialpurpose chips, etc.

Most basic scenario Alice uses encryption algorithm E to transform her message m, the plaintext (or cleartext), and a key k into ciphertext E(m,k). Intended recipient has key that allows him to decrypt the ciphertext E(m,k) and get back m.

Crypto 1800 1975 In past century or two, secrecy rests upon secret key. I.e., ciphertext can be decrypted by anybody possessing (or guessing) the secret key. Before modern era (c. 1976 ), security rests on some sort of mixing and can be broken with enough samples by statistical techniques (with exception of one-time pad)

Aside: Breaking Enigma Family of German rotor machines. Commercial originally; military Wehrmacht version is the famous one.

Breaking The Unbreakable 1932: Trio of Polish mathematicians led by Marian Rejewskibroke 3- rotor plus plugboard machine

Enigma continued 1939: Germans went up to 5 rotors; more than Polish system could handle July 1939 Polish mathematicians gave their techniques to French & British September 1939, Turing at Blechley Park begins effort to build Bombe to decrypt this Enigma and succeeds!

Modern era: 1976 Cryptography based on (computational) complexity theory theory of what can be computed quickly versus what can be computed slowly Goal: encryption, and decryption with possession of proper key can be computed very fast; decryption without key is very slow (e.g., 1 million years on best supercomputer). Currently: True if make unproven assumptions overwhelmingly believed by researchers in complexity theory. (E.g., Factoring not in P.)

Two kinds of crypto Symmetric or secret key: there is a unique key, and Alice and Bob must somehow arrange to share it so they but only they know it. In practice, very fast encrypt & decrypt Only kind of crypto prior to 1976. Asymmetric or public key: Each user has 2 keys: secret one to decrypt; public key that anybody can use to send her messages. Medium speed in practice.

Public-key cryptography: 1 A big random (i.e., pesudorandom) number is used to make a key pair.

Public-key cryptography: 2 Anyone can encrypt using public key; can decrypt only with private key Often encrypt & decrypt same function; only keys different

Some well-regarded publickey methods RSA Digital Signature Standard/Algorithm (DSS)/DSA (NIST standard; signatures only) El Gamal Various elliptic curve methods

Public-key in practice Because somewhat slower, used mostly for only two things: 1. Digital signatures 2. Various techniques having to do with key management & distribution (more soon)

Well-known private-key crypto Data Encryption System (DES): Standard from federal government in 1977. Fatal flaw for 21st century: 56-bit key length subject to bruteforce attacks. Still in use though! Triple DES; longer key length; popular stopgap as DES became scary. Advanced Encryption Standard (AES): newish standard from federal government; very fast, very secure; seeing slow conversion from legacy systems.

One-time pad Special case of secret key. Key length must be equal to message length (huge drawback). Provides perfect secrecy, with no assumptions whatsoever. Believed to be used for high-level diplomatic and intelligence work; may become more prevalent

Crypto Goals: confidentiality The obvious one. Use the cryptosystem. Advantage of public-key cryptography is that it allows for secrecy between two parties who have not arranged in advance to have a shared key (or trusted some third party to give it to them). Disadvantage is speed. Therefore, in practice, hybrid systems use public-key to establish session key for private key.

Goals: integrity Simplest form is an elaboration of the checksum: (cryptographic) hash function or message digest. Short signature of the message, 128 512 bits that depend on entire message; extremely improbable that unequal messages have same hash. Popular functions: SHA-1 (weak?), SHA-256, SHA-384, SHA-512 (NIST); MD5 (Rivest) By itself, shows only no accidental corruption

Digital Signatures Use public-key cryptography backwards to sign messages. I.e., to sign m, Alice encrypts m with her private key; anybody can verify by using Alice s public key.

Non-repudiation + integrity A s digital signature of a cryptographic hash of message m guarantees that m was signed by A and that m was not altered. Anybody can computer the hash of m; anybody can verify A s signature. Or conceptually more complex Message Authentication Code (MAC)

How do I get Alice s public key? Even with public-key crypto and digital signatures, still have the problem of authentication: binding users to keys. Early days articles envisioned phonebook-like database with Name, Public Key entries Problem: How secure is that database?! Attacker can put in his own key for me, and start signing contracts (and checks!) in my name. Maybe we can secure the phonebook, but then that kills the idea of of keys widely, easily publicly available.

Certification Common solution today is for trusted 3 rd party certification authority (CA) to sign the user s public encryption key. Resulting certificate will contain, e.g., user s name/id, user s public key; CA s name; certificate s start date, and length of time it is valid. User publishes certificate Standard X.509 for format of certificate

Web of trust Alternative to CA is web-of-trust model of PGP, GnuPG, and OpenPGP. Key-signing party!

Encryption of Stored Data Routine to use encryption for transmission over network today; but in practice need more encryption of data at rest data stored locally. December 2004 Bank of America backup tapes with cleartext 1.2M government employees name, SSN, bank account # April 2005, San Jose Medical group had computer physically stolen: 200K patient

Encrypting data at rest Simple solution is to encrypt data at rest For laptops can use commercially available encryption package such as PGP Also now back-end appliances between data & backup device, various other products.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information