Presentation is loading. Please wait.

Presentation is loading. Please wait.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII."— Presentation transcript:

1 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII

2 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 2 Security Topics

3 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 3 Chapters Chapter 29 Cryptography Chapter 30 Message Authentication, User Authentication, and Key Management Chapter 31 Security Protocols in The Internet

4 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 4 Chapter 29 Cryptography

5 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 5 Cryptography Cryptography refers to the science and art of transforming messages to make them secure and immune to attacks. Original message before being transformed is called plaintext. After the message is transformed, is called ciphertext. An encryption algorithm transforms the plaintext to ciphertext; a decryption algorithm transforms the ciphertext back to plaintext. The term cipher is used to refer to encryption and decryption algorithms.

6 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 6 Encryption and Decryption A key is a number (value) that the cipher, as an algorithm, operates on. To encrypt a message, we need an encryption algorithm, an encryption key, and the plaintext. These create the ciphertext. To decrypt a message, we need a decryption algorithm, a decryption key, and the ciphertext. These reveal the plaintext. In cryptography, the encryption/decryption algorithms are public; but the keys are secret.

7 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 7 Types of Cryptography Algorithms Symmetric-Key Cryptography Also known as Secret-key Asymmetric-key Cryptography Also Known as public-key

8 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 8 Symmetric-key cryptography In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. In symmetric-key cryptography, the same key is used in both directions The algorithm used for decryption is the inverse of the algorithm used for encryption. It takes less time to encrypt a message using a symmetric-key algorithm than it takes to encrypt using a public-key algorithm. Symmetric-key cryptography is often used for long messages Dis-adv: Each pair of users must have a unique symmetric key.

9 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 9 Traditional Ciphers Substitution Cipher Monoalphabetic Substitution Polyalphabetic Substitution Transpositional Cipher Block Cipher Data Encryption Standard (DES)

10 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 10 Monoalphabetic Substitution A cipher using the substitution method substitutes one symbol with another. Monoalphabetic: A character in the plaintext is always changed to the same character in the ciphertext regardless of its position in the text. Example: Caesar Cipher. Here, shifting of key is used. Easy to attack.

11 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 11 Example of Monoalphabetic substitution In monoalphabetic substitution, the relationship between a character in the plaintext to the character in the ciphertext is always one-to-one

12 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 12 Polyalphabetic Substitution In polyalphabetic substitution, the relationship between a character in the plaintext and a character in the ciphertext is one-to-many Each occurrence of a character can have a different substitute Key is like: Take the position of the character in the text, divide the number by 10, and let the remainder be the shift value. Ex. Vigenere Cipher. Difficult to attack when compared to Monoalphabetic. Although the encryption changes the frequency of the characters, the character relationships are still preserved. So, good trial-and-error attack can break the code.

13 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 13 Transpositional cipher The characters retain their plaintext form but change their positions to create the ciphertext. The text is organized into a two-dimensional table, and the columns are interchanged according to a key. The character frequencies are reserved, and the attacker can find the plaintext through trial and error.

14 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 14 Block cipher Traditional ciphers used a character or symbol as the unit of encryption/decryption. Modern ciphers use a block of bits as the unit of encryption/decryption. P-box (P for permutation) performs a transposition at the bit level. It can be implemented in hardware or software, but hardware is faster. Both the plaintext and ciphertext have the same number of 1s and 0s.

15 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 15 Block cipher S-box (S for substitution) performs a substitution at the bit level. The S-box substitutes one decimal digit with another. The S-box normally has three components: an encoder, a decoder, and a P-box. The decoder changes an input of n bits to an output of 2 n bits. This output has one single 1 (the rest are 0s) located at a position determined by the input. The P-box permutes the output of decoder, and the encoder changes the output of the P-box backs to a binary number in the same way as the decoder, but inversely. P-box

16 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 16 Product block P-boxes and S-boxes can be combined to get a more complex cipher block, called Product block. Data Encryption Standard (DES) uses an algorithm that encrypts a 64-bit plaintext using a 56-bit key. The text is put through 19 different and complex procedures to create a 64-bit ciphertext.

17 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 17 General scheme of DES DES has two transposition blocks, one swapping block, and 16 complex blocks called iteration blocks. The 16 iterative blocks are conceptually the same, but each uses a different key derived from the original key. DES works on 8 characters (bytes) at a time.

18 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 18 Figure 29.14 Iteration block In each block, the previous right 32 bits become the next left 32 bits (swapping). The next right 32 bits, however, come from first applying an operation (a function) on the previous right 32 bits and then XORing the result with the left 32 bits.

19 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 19 Figure 29.15 Triple DES To lengthen the key and at the same time keep the new block compatible with that of the original DES. The DES cipher uses the same concept as the Caesar cipher, but the encryption/decryption algorithm is much more complex due to the sixteen 48-bit keys derived from a 56-bit key Triple DES uses three DES blocks and two 56-bit keys.

20 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 20 Operation Modes DES and triple DES are actually long substitution ciphers that operate on eight-character segments (sometimes called long characters). To encrypt and decrypt long messages (1000 characters), several modes are used. In Electronic code block (ECB) mode, we divide the long message into 64-bit blocks and encrypt each block separately. Encryption of each block is independent of other blocks in ECB mode.

21 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 21 CBC mode In cipher block chaining (CBC) mode, the encryption (or decryption) of a block depends on all previous blocks. To encrypt the second plaintext block (P 2 ), we first XOR it with the first cipher block (C 1 ) and then pass it through the encryption process. In this way, C 2 depends on C 1. A 64-bit random number, called the initialization vector (IV) is used. The IV is sent with the data so that the receiver can use it in decryption.

22 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 22 CFM Cipher feedback mode (CFM) was created for those situations in which we need to send or receive data 1 byte at a time, but still want to use DES (or triple DES). One solution is to make a 1-byte C N dependent on a 1-byte P N and another byte, which depends on 8 previous bytes itself.

23 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 23 CSM To encrypt/decrypt 1 bit at a time and at the same time be independent of the previous bits, we can use cipher stream mode (CSM). In this mode, data are XORed bit by bit with a long, one-time bit stream that is generated by an initialization vector in a looping process.

24 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 24 Public-key cryptography Two keys: a private key and a public key. The private key is kept by the receiver and the public key is for public use. Public-key that is used for encryption is different from the private key that is used for decryption. Adv: Removes the restriction of a shared symmetric key between two entities who need to communicate with each other. Each shared key is used by two parties only. The number of keys needed is reduced tremendously. Public-key algorithms are more efficient for short messages. Disadv: Complexity of the algorithm; To be effective we need large numbers Association between an entity and its public key must be verified [Certification authority].

25 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 25 Public-key cryptography

26 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 26 RSA Algorithm RSA (Rivest, Shamir, Adleman) is the most common public-key algorithm. Private key is a pair of numbers (N,d) = (119, 77). Public key is a pair of numbers (N,e) = (119, 5). Note that N is common to the private and public keys. Sender algorithm to encrypt: C=P e mod N P is plaintext, which is represented as a number; C is the number that represents the ciphertext. The two numbers e and N are components of the public key. Receiver algorithm to decrypt: P=C d mod N

27 McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 27 Numbers like d and e are very large numbers (on the scale of tens of digits). Thus using trial and error method to get these numbers will take a very long time. Procedure to choose three numbers N, d, and e. Choose two large prime numbers p and q. Compute N = p * q Choose e (less than N) such that e and (p-1)(q-1) are relatively prime (having no common factor other than 1) Choose d such that (e*d) mod [(p-1)(q-1)] is equal to 1. Selecting Public and Private Keys

Download ppt "McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
K. Salah1 Cryptography Module II. K. Salah2 Data Encryption Standards DES.

K. Salah1 Cryptography Module II. K. Salah2 Data Encryption Standards DES.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Network Security Chapter

Network Security Chapter
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google