Cryptography. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Similar documents
IT Networks & Security CERT Luncheon Series: Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Lecture 9 - Network Security TDTS (ht1)

Chapter 8. Network Security

Chapter 10. Network Security

Savitribai Phule Pune University

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

How To Encrypt Data With Encryption

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

EXAM questions for the course TTM Information Security May Part 1

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Network Security. HIT Shimrit Tzur-David

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Is your data safe out there? -A white Paper on Online Security

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Content Teaching Academy at James Madison University

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Page 1. Session Overview: Cryptography

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Cryptography & Network Security

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Using etoken for SSL Web Authentication. SSL V3.0 Overview

What is network security?

Overview. SSL Cryptography Overview CHAPTER 1

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

CSE/EE 461 Lecture 23

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Chapter 7: Network security

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Application Layer (1)

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

Network Security Protocols

CS 758: Cryptography / Network Security

Lecture 9: Application of Cryptography

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Global Telehealth Conference 2012

7! Cryptographic Techniques! A Brief Introduction

How To Understand And Understand The History Of Cryptography

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

CRYPTOGRAPHY IN NETWORK SECURITY

Application Layer (1)

As enterprises conduct more and more

Secure Client Applications

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

SECURITY IN NETWORKS

Properties of Secure Network Communication

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

NETWORK ADMINISTRATION AND SECURITY

Evaluation of the RC4 Algorithm for Data Encryption

Key Management (Distribution and Certification) (1)

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Network Security: Cryptography CS/SS G513 S.K. Sahay

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Introduction to Encryption

CIS433/533 - Computer and Network Security Cryptography

Information Security

How To Use Pretty Good Privacy (Pgp) For A Secure Communication

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Chapter 23. Database Security. Security Issues. Database Security

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Chapter 17. Transport-Level Security

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Chapter 6 Electronic Mail Security

CrypTool Claudia Eckert / Thorsten Clausius Bernd Esslinger / Jörg Schneider / Henrik Koy

Cipher Techniques on Networks. Amit Konar Math and CS, UMSL

ICOM 5018 Network Security and Cryptography

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003

SSL A discussion of the Secure Socket Layer

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

Secure Sockets Layer

mod_ssl Cryptographic Techniques

Network Security. Omer Rana

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Security: Focus of Control. Authentication

Secure Network Communication Based on Text-to-Image Encryption

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

A Standards-based Approach to IP Protection for HDLs

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Archived NIST Technical Series Publication

First Semester Examinations 2011/12 INTERNET PRINCIPLES

VoteID 2011 Internet Voting System with Cast as Intended Verification

Insight Guide. Encryption: A Guide

Computer System Management: Hosting Servers, Miscellaneous

Internet Programming. Security

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Cryptography & Digital Signatures

Network Security. Network Security. Security in Computer Networks

Randomly Encryption Using Genetic Algorithm

BRIEF INTRODUCTION TO CRYPTOGRAPHY. By PAGVAC. February 8, 2004

Transcription:

Cryptography Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1

Learning Objectives Upon completion of this material, you should be able to: Understand the basic cipher methods and cryptographic algorithms List and explain the major protocols used for secure communications Principles of Information Security, 5th Edition 2

Terminology (1) Cryptography: Book definition: process/study of making and using codes to secure information transmission It s really: the practice/study of rendering information unintelligible to everyone except the intended recipient Cryptanalysis: study of obtaining plaintext without knowing key and/or algorithm Cryptology: study of science of encryption, incl. cryptography Steganography: process of hiding messages (and the existence thereof) in images, text, etc. See Wayner s book Disappearing Cryptography for more info Principles of Information Security, 5th Edition 3

Terminology (2) Plaintext: unencrypted message Ciphertext: encrypted message Cipher, cryptosystem: encryption method consisting of algorithm, key, and encryption/decryption procedures Key: secret info used with algorithm to form cipher Kerchhoffs principle: a cryptosystem should be secure if everything but the key is publicly known Security through obscurity doesn t work The enemy knows the system Claude Shannon Encrypt/encipher: convert plaintext to ciphertext Decrypt/decipher: convert ciphertext to plaintext Principles of Information Security, 5th Edition 4

Terminology (3) Keyspace: # of values that can be used in a key Ranges of possible and actual values may vary This can greatly affect cipher security Entropy: # of different actual values something can have Not keyspace, which specifies total # of possible values Example: keyspace is # of 16-character passwords with upper- and lowercase letters, numbers, punctuation. If someone always uses 4- character password, entropy is much smaller than keyspace Security problems have originated in seeds of pseudo-random number generators with low entropy Work factor: amount of work (CPU time, instructions) required to perform cryptanalysis on ciphertext to recover plaintext without knowing key or algorithm Pseudo-random number generator (PRNG): algorithm that creates random number sequence whose properties are similar to those of real random number sequences Principles of Information Security, 5th Edition 5

Terminology (4) One-way hash function: converts message to a value (message digest MD) One-way: can t determine message from MD Examples: MD5, SHA-1, etc. Hash collision: two messages produce same MD Aim: given a message and an MD, you should not be able to find another message that hashes to same MD Nonce: number only used once, helps prevent replay attacks Principles of Information Security, 5th Edition 6

Cipher Methods (1) Plaintext can be encrypted via bit stream or block cipher methods Bit stream: each plaintext bit transformed into cipher bit one bit at a time Block cipher: message divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into encrypted block of cipher bits using algorithm and key Principles of Information Security, 5th Edition 7

Cipher Methods (2) Substitution cipher: substitute one value for another Monoalphabetic substitution: uses only one alphabet, e.g., ROT13, Radio Orphan Annie decoder Polyalphabetic substitution: more advanced; uses two or more alphabets, e.g., Vigenère cipher Transposition cipher: rearranges values within a block to create ciphertext Exclusive OR (XOR): Boolean algebra function that compares two bits: If they re identical, result = 0 Otherwise, result = 1 Bit 1 Bit 2 Bit 1 XOR Bit 2 0 0 0 0 1 1 1 0 1 1 1 0 Principles of Information Security, 5th Edition 8

Cryptographic Algorithms (1) Often grouped into two broad categories, symmetric and asymmetric Today s popular cryptosystems use hybrid combination thereof Symmetric and asymmetric algorithms distinguished by types of keys used for encryption and decryption Principles of Information Security, 5th Edition 9

Cryptographic Algorithms (2) Symmetric encryption: uses same secret key to encrypt and decrypt message Encryption methods can be extremely efficient, requiring minimal processing Both sender and receiver must possess key If either copy of key is compromised, an intermediate can decrypt and read messages Principles of Information Security, 5th Edition 10

Figure 8-3 Symmetric Encryption Example Principles of Information Security, 5th Edition 11

Cryptographic Algorithms (3) Data Encryption Standard (DES): one of most popular symmetric encryption cryptosystems 64-bit block size; 56-bit key Adopted by NIST in 1976 as federal standard for encrypting non-classified information Triple DES (3DES): created to provide security far beyond DES Advanced Encryption Standard (AES): developed to replace both DES and 3DES Principles of Information Security, 5th Edition 12

Cryptographic Algorithms (4) Asymmetric Encryption (public key encryption) Uses two different but related keys; either key can encrypt or decrypt message If Key A encrypts message, only Key B can decrypt Highest value when one key is private key and the other is public key Principles of Information Security, 5th Edition 13

Figure 8-4 Using Public Keys Principles of Information Security, 5th Edition 14

Cryptography Tools Public Key Infrastructure (PKI): integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely PKI systems based on public key cryptosystems, include digital certificates and certificate authorities (CAs) Principles of Information Security, 5th Edition 15

Digital Signatures Encrypted messages that can be mathematically proven to be authentic Created in response to rising need to verify information transferred using electronic systems Asymmetric encryption processes used to create digital signatures Principles of Information Security, 5th Edition 16

Digital Certificates Electronic document containing key value and identifying information about entity that controls key Digital signature attached to certificate s container file to certify file is from entity it claims to be from Principles of Information Security, 5th Edition 17

Figure 8-5 Digital Signatures Principles of Information Security, 5th Edition 18

Protocols for Secure Communications (1) Secure Socket Layer (SSL) protocol: uses public key encryption to secure channel over public Internet Secure Hypertext Transfer Protocol (S-HTTP): extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across Internet S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through protected and secure virtual connection Principles of Information Security, 5th Edition 19

Protocols for Secure Communications (2) Securing E-mail with S/MIME, PEM, and PGP Secure Multipurpose Internet Mail Extensions (S/ MIME): builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication Privacy Enhanced Mail (PEM): proposed as standard to function with public key cryptosystems; uses 3DES symmetric key encryption Pretty Good Privacy (PGP): uses IDEA cipher for message encoding Principles of Information Security, 5th Edition 20

Protocols for Secure Communications (3) Securing Web transactions with SET, SSL, and S- HTTP Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud Uses DES to encrypt credit card information transfers Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores Principles of Information Security, 5th Edition 21

Summary Cryptography and encryption provide sophisticated approach to security Many security-related tools use embedded encryption technologies Encryption converts a message into a form that is unreadable by the unauthorized Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities Principles of Information Security, 5th Edition 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information