Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

Published byJesse Kelly Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of."— Presentation transcript:

1 Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of Impostors –Uses encryption –So encryption is not only for privacy and confidentiality!

2 Authentication Authentication methods: Passwords –Most users pick short passwords that are easy to guess with exhaustive search –Users often pick passwords that are common words or repetitive letter combinations; Even easier to guess –Automated password cracking is very effective

3 Authentication Authentication methods: Passwords –Often, weak passwords protect more important systems –Users must be forced to pick long passwords containing case changes and numerals, such as Tri6Vial

4 Authentication Authentication methods –Biometrics Fingerprint analysis, iris analysis, etc. New and not standardized –Authentication Card Push into slot of a machine Also must give password usually –Public Key Authentication Prove that sender holds their private key, which only they should know

5 Authentication Verifier is the party who wishes the other party to authenticate themselves Applicant is the other party, which wishes to prove its identity Applicant Verifier Prove Your Identity

6 Challenge-Response Authentication Verifier sends the applicant a challenge message –This challenge message is a string of bits Applicant Verifier Challenge Message

7 Challenge-Response Authentication Applicant sends back a response message –This is the challenge message encrypted with the applicant’s private key Applicant Verifier Response Message

8 Challenge-Response Authentication Verifier decrypts the response message with the true party’s public key –If matches the challenge message, was encrypted with the true party’s private key, which only the true party should know –Applicant is authenticated Applicant Verifier Response Message Challenge Message

9 Frequency of Authentication Challenge-Response Authentication –Only done initially –Or done at most a few times during a session Digital Signature Authentication (next) –Provides authentication for every message –Called message-by-message authentication –Also provides message integrity—proof that the message has not been changed en route

10 Public Key Authentication Ultimate goal is to send an original plaintext message from the applicant to the verifier –If security was not an issue, the applicant simply would send it Applicant Verifier Original Plaintext

11 Public Key Authentication Ultimate goal is to send an original plaintext message from the applicant to the verifier –If only confidentiality was an issue, would merely encrypt the original plaintext with a symmetric session key Applicant Verifier Ciphertext Using Symmetric Key

12 Public Key Authentication For authentication, also send a digital signature with each packet First create a message digest (MD) –A small binary string calculated on the basis of all of the bits in the message Message Digest Calculation

13 Public Key Authentication First create a message digest (MD) –Normally, use a process called hashing –For a message of arbitrary size, hashing produces a small number of predictable size –MD5: 128 bits –SHA-1: 160 bits Message Digest Hash

14 Public Key Authentication First create a message digest (MD) –Hashing is not reversible –Cannot get back original message if you know its hash –Just done to produce something small enough (message digest) to encrypt with public key encryption Message Digest Hash

15 Public Key Authentication Next create a digital signature –Encrypt the message digest with sender’s private key, which only the sender should be able to do –Also called signing the message digest with the sender’s private key Digital Signature Encrypt with Sender’s Private Key Message Digest

16 Public Key Authentication Next create a digital signature –Encrypt message digest with sender’s private key, which only the sender should be able to do; creates the digital signature –Message digest is short, so public key encryption is not too burdensome Digital Signature Encrypt with Sender’s Private Key Message Digest

17 Public Key Authentication Note –Message digest is a hash of the original message –MD is not encrypted –Digital signature is what you get when you encrypt the MD with public key encryption –Do not confuse the two Digital Signature Encrypt with Sender’s Private Key Message Digest

18 Public Key Authentication Encrypt combined message and digital signature with the symmetric session key and send to the receiver –This gives confidentiality (privacy) during transmission –Easy to forget the encryption with the symmetric session key Digital Signature Message Encrypt with symmetric session key

19 Public Key Authentication –Receiver decrypts ciphertext with symmetric session key –Then decrypts digital signature with sender’s public key to get the original message digest –This is the transmitted message digest Digital Signature Decrypt with Sender’s Public Key Transmitted Message Digest

20 Public Key Authentication –Receiver then hashes the original plaintext, just as the sender did –This is the computed message digest Original Plaintext Computed Message Digest Hashed

21 Public Key Authentication –If the transmitted and computed message digests match, the sender is authenticated as being the true party Because the digital signature was signed with the true party’ private key, as shown by decryption with the true party’s public key Message Digest from Digital Signature Message Digest Computed from Original Plaintext

22 Public Key Authentication Digital Signature also Provides Message Integrity –Proof that the message has not been altered en route –If message has been changed by error or by an attacker, message digests will not match Message Digest from Digital Signature Message Digest Computed from Original Plaintext

Download ppt "Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga.

Information Security 1 Information Security: Lecture no 7 Jeffy Mwakalinga.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.

Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
Chapter 31 Network Security

Chapter 31 Network Security

Similar presentations

Ads by Google