Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)

Published byScott Melton Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)"— Presentation transcript:

1 Cryptography 101

2 Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation) Cryptography: Goals

3 Alice & Bob Are two persons who want to communicate without anybody else knows the content Eve Eavesdropper, normally a passive person that will try to listen in on Alice and Bob (perhaps an ex-girlfriend or wife) Oscar Opponent, an active person that will try to send messages in the name of Bob or Alice, or modify messages in transit Dramatis Personæ

4 Hash functions Symmetric encryption Asymmetric encryption What is in our toolbox?

5 Hash Functions A cryptographic hash function takes as input a binary string of arbitrary length and returns a binary string of a fixed length. Hash functions which satisfy some security proper- ties are very important in cryptog- raphy and are widely used in cryp- tographic applications such as dig- ital signatures, public-key encryp- tion systems, password protection schemes, and conventional message authentication. Some of these ap- plications are shown in the follow- ing chapters. Let H : {0, 1} ! {0, 1}n denote a hash function which returns a string of length n, see Figure 6.1. 0101...010111001 H : {0, 1}*  {0, 1} n Oscar cannot “tweak” the text and have same hash. Oscar cannot find two texts with same hash. Hash Algorithms: MD2,MD4,MD5 WhirlPool,SHA1,SHA256

6 Keyed Hash Functions A cryptographic hash function takes as input a binary string of arbitrary length and returns a binary string of a fixed length. Hash functions which satisfy some security proper- ties are very important in cryptog- raphy and are widely used in cryp- tographic applications such as dig- ital signatures, public-key encryp- tion systems, password protection schemes, and conventional message authentication. Some of these ap- plications are shown in the follow- ing chapters. Let H : {0, 1} ! {0, 1}n denote a hash function which returns a string of length n, see Figure 6.1. 0101...010111001 MAC :{0,1} k x {0, 1}*  {0, 1} n Key Message Authentication Code

7 Both Alice and Bob use the same key for encryption and decryption Example of Cipher Algorithms: DES, 3-DES, BlowFish, RC2, RC4, AES and Cameillia Symmetric encryption

8 Alice and Bob each have a Key Pair: A Public key and a Private Key Each Key Pair is constructed so that data encrypted with either key can be decrypted with the other. Asymmetric encryption

9 Public keys are published for all to see, private keys kept secret, thus: If Alice encrypts with her private key, anyone can decrypt the message If Alice encrypts with Bobs public key, only Bob can decrypt the messages with his private key Examples: RSA, DSA and EC elliptic curves. Asymmetric encryption

10 Symmetric vs Asymmetric Speed Slow Fast # of Keys 2 per person {2× ⍵ }Many {.5× ⍵ × ⍵ -1} Key Distribution Easy Public key Needs secure communication

11 Alice creates MAC MAC ← AuthSym(SymKey Alice&Bob, Data) Bob verifies MAC MAC ≡ AuthSym(SymKey Alice&Bob, Data) Authentication: Symmetric

12 Alice creates Signature sig←Encrypt(PrivKey Alice,Hash(data)) Bob verifies Signature Decrypt(PubKey Alice,sig) ≡ Hash(data) Also non-repudiation Authentication: Asymmetric

13 Alice Encrypts CipherText ← Encrypt(SymKey Alice&Bob,PlainText) Bob Decrypts PlainText ← Decrypt(SymKey Alice&Bob,CipherText) Secrecy: Symmetric

14 Alice Encrypts CipherText ← Encrypt(PubKey Bob,PlainText) Bob Decrypts PlainText ← Decrypt(PrivKey Bob,CipherText) Secrecy: Asymmetric

15 Alice Encrypts SymKey←Random CipherText ←Encrypt(SymKey,PlainText) EncSymKey←Encrypt(PubKey Bob,SymKey) Bob Decrypts SymKey←Decrypt(PrivKey Bob,EncSymKey) PlainText←Decrypt(SymKey,CipherText) Better Secrecy: Asymmetric

16 Alice Encrypts SymKey←Random EncSymKey←Encrypt(PubKey Bob,SymKey) CipherText ←Encrypt(SymKey,PlainText) sig←Encrypt(PrivKey Alice,Hash(PlainText)) Bob Decrypts SymKey←Decrypt(PrivKey Bob,EncSymKey) PlainText←Decrypt(SymKey,CipherText) Decrypt(PubKey Alice,sig)=Hash(PlainText) Even Better Secrecy

17 How do we keep our keys safe? Windows Certificate Store PKCS#11 smartcard From APL: in a PKCS#8 PKCS => Public-Key Cryptographics Standard Key Problem

18 The DCL is a DLL/so and a set of cover-functions Provides access to a large set of hashing and encryption functions Provides tools for dealing with ”certificates” containing keys Cross-platform (but cross Unicode/Classic is problematic due to translation issues) Dyalog Cryptographic Library

19 Store certificates and keep private keys secret. But: Limits on available algorithms Mimited tools for Dyalog Microsoft.Net Some Conga support Certificate Stores

20 OO example: Keyed Component file kf← ⎕ New KeyedFile ('D:\download\Keyed') kf['Products' 'Sales']←'Many' 'None' kf[ ⊂ 'Products'] Many Samples

21 OO example: Keyed Component file Extended to handle encrypted and compressed components. Samples

22 Based on the Keyed Component Class We need to add: User information Access information Encrypted Component file

23 1.User Id 2.Public Key 3.Salt 4.Repetitions 5.Initial Vector 6.Encrypted Private Key User Information

24 1.User Id 2.Key 3.Encrypt UserPubKey ( SymKey + Initial Vector + Hash ) Access Information

25 ∇ AddUser(user para);..... (PrivKey PubKey)←GenerateAsymKeys AsymKeyPairSize Salt←Random SaltSize iv←Random CipherBlockSize rep←PBKDF2Repetitions DerivedKey←DeriveKey para Salt rep CipherKeySize EncPrivKey←PrivKey EncryptSym DerivedKey iv users ⍪ ←user PubKey Salt rep iv EncPrivKey ∇ Add New User

26 ∇ data←apl NewComp key;... (type plain)←Compress Serialize apl symkey←Random CipherKeySize iv←Random CipherBlockSize digest←Hash plain uix←FindUser cuser cipher←plain EncryptSym symkey iv pubkey← ⊃ users[uix;2] encaccesskey←(symkey,iv,digest)EncryptASym pubkey access ⍪ ←cuser key encaccesskey data←type cipher ∇ Append Component

27 ∇ apl←data DecryptComp key;... (type cipher)←data (secret iv digest)←GetAccess cuser key cpara plain←cipher DecryptSym secret iv apl←Deserialize Decompress type plain ∇ Read a Component

28 ∇ r←GetAccess(user key para);... uix←FindUser user ('User ',user,' not found') ⎕ SIGNAL(0>uix)/11 aix←FindAccess user key ('User ',user,' has no access to ',key) ⎕ SIGNAL(0>aix)/11 (user Pubkey Salt rep iv EncPrivKey)←users[uix;] derivedkey←DeriveKey para Salt rep CipherKeySize privkey←EncPrivKey DecryptSym derivedkey iv accessinfo← ⊃ access[aix;3] r←SplitAccesskey(accessinfo)DecryptASym privkey ∇ Get Access

29 ∇ data←apl ReplaceComp key;... (type plain)←Compress Serialize apl (secret iv digest)←GetAccess cuser key cpara cipher←plain EncryptSym secret iv data←type cipher ∇ Replace Component

30 ∇ accesskey GiveAccessTo(user key);... uix←FindUser user ('User ',user,' not found') ⎕ SIGNAL(0>uix)/11 aix←FindAccess user key ('User ',user,' has access to ',key) ⎕ SIGNAL(0<aix)/11 encaccesskey←(( ⊃,/accesskey))EncryptASym ⊃ users[uix;2 ] access ⍪ ←user key encaccesskey ∇ Give Access to another user

31 Without experience and deep knowledge, it is difficult to evaluate the security of any mechanism: Use established standards! On your own

32 RFC for Public Key Cryptography Standard (PKCS#) The Handbook of Applied Cryptograhy Dyalog Cryptographic Library Futher infomation

Download ppt "Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Similar presentations

Ads by Google