Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia."— Presentation transcript:

1 Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia

2 Objectives  Describe symmetric and asymmetric cryptographic methods  Describe hashing and major hash functions  Explain public key infrastructure (PKI) 2

3 Cryptography?  Traditionally, cryptography refers to  The practice and the study of encryption  Transforming information in order to prevent unauthorized people to read it.  Today, cryptography goes beyond encryption/decryption to include  Techniques for making sure that encrypted messages are not modified en route  Techniques for secure identification/authentication of communication partners. 3

4 Question 2) Which of the following security issues is addressed by cryptographic systems? a) Confidentiality; i.e. protection against eavesdropping b) Authentication; i.e. assurance parties involved in a communication are who they claim to be c) Message integrity; i.e. assurance that messages are not altered en route d) Availability; i.e. making sure that communication systems are not shut down by intruders. e) All of the above 4

5 Basic Terminology Network Plaintext “Hello” Ciphertext “11011101” Plaintext “Hello” Decryption Algorithm Interceptor Party A Party B  Plaintext: original message to be sent. Could be text, audio, image, etc.  Encryption/Decryption Algorithm: mathematical tool (software) used to encrypt or decrypt  Key: A string of bits used by to encrypt the plaintext or decrypt the ciphertext  Ciphertext: encrypted message. Looks like a random stream of bits + Decryption key Encryption Algorithm + Encryption key 5

6 Basic Terminology (cont.)  Encryption:  Converting plaintext into ciphertext using algorithms and keys  The size of the ciphertext is proportional to the size of the plaintext  Ciphertext is reversible to plaintext  Symmetric Key Encryption:  Same key is used both for encryption and decryption  Keys are usually identical or trivially identical*  Asymmetric Key Encryption:  Also called Public/Private Key Encryption  Two different keys are used: one for encryption, one for decryption Party A Party B Party A Party B * Trivially identical means simple transformation could lead from one key to the another. Flexcrypt: http://www.flexcrypt.com/flexcryptfree.htmlhttp://www.flexcrypt.com/flexcryptfree.html 6

7 Questions 3) Based on how symmetric encryption systems work, which of the following is the worst thing to happen? a) An attacker gets a copy of the encryption and decryption algorithms b) An attacker gets the decryption key c) a and b are equally damaging 4) Which of the following presents more challenge for exchanging keys between partners? a) Asymmetric encryption b) Symmetric encryption c) A and b are equally challenging 7

8 Symmetric Key Encryption methods  Two categories of methods  Stream cipher: algorithm operates on individual bits (or bytes); one at a time  Block cipher: operates on fixed-length groups of bits called blocks  Only a few methods are used today MethodsYear approvedComments Data Encryption Standard - DES19771998: Electronic Frontier Foundation’s Deep Crack breaks a DES key in 56 hours DES-Cipher Block Chaining Triple DES – TDES or 3DES1999 Advanced Encryption Standard – AES2001Most used today Other symmetric encryption methods IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish 8

9 Data Encryption Standard (DES) DES Encryption Process 64-Bit Ciphertext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) 64-Bit Plaintext Block  DES is a block encryption method, i.e. uses block cipher  DES uses a 64 bit key; actually 56 bits + 8 bits computable from the other 56 bits  Problem: same input plaintext gives same output ciphertext 9

10 DES-Cipher Block Chaining First 64-Bit Plaintext Block DES Encryption Process Second 64-Bit Plaintext Block First 64-Bit Ciphertext Block Initialization Vector (IV) DES Encryption Process Second 64-Bit Ciphertext Block DES Key  DES-CBC uses ciphertext from previous block as input making decryption by attackers even harder  An 64-bit initialization vector is used for first block 10

11 Public Key Encryption methods  Asymmetric encryption methods are used both for  Encryption in order to provide confidentiality  Digital signature in order to provide partners’ authentication MethodsYear proposedComments RSA by Ron Rivest, Adi Shamir, and Leonard Adleman 19771995: First attack in lab conditions was reported Elliptic Curve Cryptosystem - ECC1985Becoming widely used Other symmetric encryption methods: Dieffe-Hellman, El-Gamal 11

12 Hashing  Hashing:  Mathematical process for converting inputs into fixed-length outputs  Hash function:  Algorithm that does the hashing. Uses an input + a shared secret or password. Example: MD5, Secure Hash Algorithm.  Hash:  Fixed-length output of the hashing 12

13

14 Encryption Versus Hashing Encryption Uses a key as an input to an encryption method Output is similar in length to input Reversible; ciphertext can be decrypted back to plaintext Use of Key Length of Result Reversibility Hashing Password is usually added to text; the two are combined, and the combination is hashed Output is of a fixed short length, regardless of input One-way function; hash cannot be “de-hashed” back to the original string 14

15 Asymmetric methods in B2B Phase 1: Initial Negotiation of Security Parameters Phase 2: Mutual Authentication Client PC Server Phase 3: Key Exchange or Key Agreement Three Initial “Hand-Shaking” Phases Phase 4: Ongoing Communication with Message-by-Message Confidentiality, Authentication, and Message Integrity 15

16 Hashing for Authentication * Challenge Handshake Authentication Protocol  CHAP* is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients 1)After the completion of the link establishment phase, the server sends a "challenge" message to the client. 2)The client responds with a value calculated using a one-way hash function, such as an MD5 or SHA (Secure Hash Algorithm). 3)The server checks the response against its own calculation of the expected hash value. If the values match, the server acknowledges the authentication; otherwise it should terminate the connection. 4)At random intervals the server sends a new challenge to the peer and repeats steps 1 through 3. Shared secret

17 Digital Signature for Message- by-Message Authentication To Create the Digital Signature: 1. Hash the plaintext to create a brief Message Digest; this is NOT the Digital Signature. 2. Sign (encrypt) the message digest with the sender’s private key to create the Digital Signature. 3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption. Plaintext MD DS Hash Sign (Encrypt) with Sender’s Private Key 4. Encrypted with Session Key DSPlaintext Sender Receiver 17

18 Digital Signature for Message -by-Message Authentication To Test the Digital Signature 5. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest. 6. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 7. If the two match, the message is authenticated. MD Received Plaintext MD DS 5.6. Hash Decrypt with True Party’s Public Key 7. Are they equal? Plaintext MD DS Hash Sign (Encrypt) with Sender’s Private Key 18

Download ppt "Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.

Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google