Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography in.Net CS 795. Goals Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer Integrity---message.

Published byJeffery Strickland Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptography in.Net CS 795. Goals Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer Integrity---message."— Presentation transcript:

1 Cryptography in.Net CS 795

2 Goals Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer Integrity---message is not tampered as it passes from A to B --- Hashing is the answer Authentication---B wants to be sure to be sure it is A who has sent the message---digital signature is the answer Cryptography is key management

3 Hashing Algorithms Create a message digest or hash code for a given message Hashing algorithms break a message into fixed blocks (512 or 1024 bits) Given a seed value and the 1 st block, it produces a hash code. This hash code and the next block are fed again, that produce a new hash code. This continues until the last data block. The final hash code is the message digest.

4 .Net Framework Hashing Algorithms NameInput block size (bits) Message limit (bits) Hash code size (bits) MD55122 64 128 SHA-15122 64 160 SHA-2565122 64 256 SHA-3842 128 384 SHA-51210242 128 512

5 Programming Hashing Algorithms Managed (e.g., SHA1Managed) and unmanaged (e.g., SHA1CryptoServiceProvider) System.Security.Cryptography.HashAlgorithm class: Methods: Create, ComputeHash, Initialize, Clear, TransformBlock, SHA1Managed hash_alg = new SHA1Managed(); Or hashAlgorithm hash_alg = HashAlgorithm.Create(“SHA1”); byte[ ] hash_code = hash_alg.ComputeHash(message_data); To validate hash code, generate a new hash code and compare byte- by-byte.

6 Keyed Hashing Algorithms (MAC) These mix a secret key with the message data blocks when creating a hash code. HMAC is one standard to combine secret key and message data (e.g., HMAC-SHA- 1)---here the key is used as the 1 st data block HMAC-SHA-1 and MAC-Triple-DES KeyedHashAlgorithm hash_alg = KeyedHahAlgorithm.Create(“HMACSHA1”); Hash_alg.Key = key_bytes; byte [ ] hash_code = hasg_alg.ComputeHash(message_data);

7 Symmetric Encryption Both parties agree on a secret key Sender encrypts the message using secret key and sends the encrypted data Receiver decrypts the received data using the secret key To create encrypted data: (i) Data is treated as a number of fixed-size blocks (ii) The fixed-size blocks are converted to encrypted blocks

8 .Net Framework Encryption Algorithms NameBlock size (bits)Key length (bits) DES6456 RC26440,48,…,128 Triple-DES642 or 3 56-bit keys, expressed as 64-bit numbers Rijndale (AES)128,192,256

9 Programming Symmetric Encryption System.Security.SymmetricAlgorithm Managed (DES, TripleDES, RC2, Rijndeal) and unmanaged (DESCryptoServiceProvider, TripleDESCryptoServiceProvider…) Methods: Create, CreateEncryptor, CreateDecryptor, GenerateIV, ValidKeySize Padding mode: PKCS7 (value of the padding byte is the numbe rof padded bytes); Zeros (0’s are padded) Cipher Modes: ECB, CBC, CFB, CTS, OFB KeySizes structure: MinSize, SkipSize, MaxSize of the range of key sizes IV: Initialization vector;.Net Framework has some default value for it; but it can be changed Secret key: Same as in the case of IV

10 Configuring the Symmetric Encryption Algorithms SymmetricAlgorithm algx = SymmetricAlgorithm.Create(“Rijndael”); //This assigns default values to the parameters; but they may be changed as follows algx.BlockSize = 192; algx.KeySize = 128; KeySizes[ ] x_size_ranges = algx.LegalKeySizes; Console.WriteLine(x_size_ranges[0].MinSize); algx.Padding = PaddingMode.Zeros; algx.Mode = CipherMode.ECB; byte[ ] x_secretkey = algx.Key; // Get the secret key value assigned algx.Key = new byte[ ] {0x64, …..}; algx.IV = new bytes[ ] {…};

11 Symmetric Encryption (Cont.) Encrypting and Decrypting is done by ICryptoTransform interface SymmetricAlgorithm algx = SymmetricAlgorithm.Create(“Rijndael”); ICryptoTransform encryptorx = algx.CreateEncryptor(); ICryptoTransform decryptorx = algx.CreateDecryptor(); See pages 356-358 have an example

12 Asymmetric Encryption Public-key encryption A has a public-secret (or private) key pair B has a public-secret (or private) key pair A encrypts a message using B’s public key and sends it to B B uses corresponding secret key to decrypt it Main limitation: Very slow relative to symmetric encryption

13 Creating Asymmetric Keys RSA (Rivest, Shamir, Adleman, 1977) Algorithm: 1.Choose two large random #s, p and q, of equal length and multiply them together to create n, the RSA key modulus: n=p*q; If p=23, q=31, n=713 2.Randomly choose e, the public exponent so that e and (p-1)(q-1) are relatively prime (i.e., share no common factors except 1). In the above, (p-1)(q-1)=660; choose e=19 3.Find d such that d*e = 1 mod (p-1)(q-1) 19d= 1 mod 660; So 19d=661, 1321, 1981, 2641,.. Here, d=2641/19=139 4. Public key consists of e and n. Private key is d. Discard p and q, but do not reveal their values. Why is RSA algorithm secure? Because it is hard to find the factors of a large number. Here, we are given n. So we have to find factors p and q so that n=p*q

14 Encryption (with asymmetric keys) Break the plaintext into small blocks of data Encrypt each plaintext block using the public key and the encryption function Concatenate the encrypted blocks Length of block = trunc[(length of n in the public key -1)/8] RSA Algorithm Example: Encryption: If m= 25, (n=713,e=19) as the public key, c=(m e )mod n = (25 19 )mod 713 = 156 Decryption: c=156, use private key (n=713, d=139), compute m = c d (mod n) = 156 139 mod 713 =

15 RSA Cipher Demonstration

16 How secure is Asymmetric Encryption? Symmetric key length (bits)Asymmetric key length (bits) 64512 80768 1121792 1282304 Given only the public key e and n, how many computations does it take to discover the private key d? Once we know factors p and q, it is relatively easy to calculate d, and decrypt cipher text. So the secret is in the values d,p, and q.

17 Programming Asymmetric Encryption System.Security.Cryptography.AsymmetricAlgorithm System.Security.Cryptography.RSA System.Security.Cryptography.RSACryptoServiceProvider

18 Digital Signatures Purpose: For receiver to verify the sender (or author) Use asymmetric keys Sender signs the message; receiver verifies it A generates a digital signature on a message using its private key; B receives the message and the signature; B uses A’s public key to verify the and that the content has not been changed Due to the slow performance of the asymmetric algorithms, A first creates a cryptographic hash code of the message and then applies the signature algorithm on the hash code. Joint signatures on a document

19 DS: Generation/Verification

20 RSA Algorithm for DS Digital signing Sender A does the following:- 1.Creates a message digest (hash code) of the information to be sent. 2.Represents this digest as an integer m between 0 and n-1. 3.Uses her private key (n, d) to compute the signature s = m^d mod n. 4.Sends this signature s to the recipient, B. Signature verification Recipient B does the following:- Uses sender A's public key (n, e) to compute integer v = s^e mod n. Extracts the message digest from this integer. Independently computes the message digest (hash code) of the information that has been signed. If both message digests are identical, the signature is valid.

21 DS and Encryption/Decryption Decryption and signing are identical as far as the mathematics is concerned as both use the private key. Similarly, encryption and verification both use the same mathematical operation with the public key. That is, mathematically, m = (m^e mod n)^d mod n = (m^d mod n)^e mod n, m < n However, note these important differences in implementation:- –The signature is derived from a message digest of the original information. The recipient will need to follow exactly the same process to derive the message digest, using an identical set of data. –The recommended methods for deriving the representative integers are different for encryption and signing (encryption involves random padding, but signing uses the same padding each time).

22 DS Algorithms in.Net RSA algorithm (used for encryption and digital signatures) DSA or Digital Signature Algorithm (only digital signature, not encryption) Hashing algorithms to be used prior to digital signature generation: MD5, SHA-1, SHA-256 (minimum key length 256 bit ), SHA-384, SHA- 512 http://en.wikipedia.org/wiki/SHA_hash_functions

23 XML Signatures.Net supports XML signatures specification or XMLDSIG for XML documents Programming.Net Security Adam Freeman 2004 (i)Create a URL reference for the document (page 414, O’Reilly) (ii)Create a new instance of the SignedXML class and the URL reference; (iii)Create a new asymmetric signing algorithm instance and assign it to the reference object created along with all other parameters (signing key, etc.) (iv)Call ComputeSignature on the reference object. (v)Use GetXml().OuterXml to get the signature. Follow similar procedure for verification of the signature.

24 Performance of web services security Performance Comparison: Security Design Choices

Download ppt "Cryptography in.Net CS 795. Goals Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer Integrity---message."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:

1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)

Similar presentations

Ads by Google