Slide 1: Encryption: Protecting Your Data While in Transit
Kevin Bolding, Electrical Engineering, Seattle Pacific University
Based on Chapter 18 of William Stallings, Data and Computer Communication, 6th Ed.

Slide 2: Living in a Glass House
Public networks are public... chances for eavesdropping or worse:
- LANs may broadcast all packets to all stations within your collision domain
- WANs are shared public resources: service providers, hackers at every point...
The network model is inherently insecure: data is passed to an unreliable third party many times over.

Slide 3: The Need for Encryption
Transmission of sensitive data (the classical use of encryption): the sender encodes data in such a way that only the intended recipient(s) can decipher it.
Identity verification: the sender provides a digital signature that cannot be easily produced by any other entity, and the receiver can easily verify the signature.
Both data encoding and digital signatures can be provided using encryption.

Slide 4: Goals for an Encryption Scheme
- Difficult to break: the probability of breaking the code within any reasonable amount of time should be very small.
- Fast encoding and decoding: if encoding/decoding is too complex or too slow, users will bypass it.
- Easy distribution of keys: secret key distribution can be an issue, and frequent key changes are needed for security.

Slide 5: Code Breaking
Assume that the attacker has:
- samples of matched plaintext and ciphertext
- lots of computing power
- knowledge of the plaintext language
Cryptanalysis: gather the information you can (size of documents, plaintext/ciphertext pairs, frequency of documents, language), then think really hard.
Brute force: randomly try keys until something works.

Bits in key | Time to crack (10^6 encryptions/s)
32          | 35.8 min
56          | 1142 years
128         | 5.4 x 10^24 years
168         | 5.9 x 10^36 years

Slide 6: Symmetric Encryption
Sender and all recipients use the same key:
- the sender encrypts plaintext using the common secret key
- the encrypted ciphertext is sent over a public channel
- the receiver decrypts the ciphertext back into plaintext using the common secret key
(Diagram: Plaintext -> Ciphertext -> Public Network -> Ciphertext -> Plaintext)
Symmetric encryption requires that sender and receiver both know the same secret key.

Slide 7: DES - Data Encryption Standard
DES was the US government standard from 1977-2001: symmetric encryption with a 56-bit key.
Basic idea: repeatedly XOR and shift. XORing is great for encryption because applying the same key a second time restores the plaintext:

      10001110  plaintext
  xor 01101101  key
    = 11100011  ciphertext
  xor 01101101  key
    = 10001110  plaintext

A special DES-cracking machine built by the Electronic Frontier Foundation in 1999 can crack DES in under three days. --> DES is dead
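As an added example (not from the slides), the XOR step of slide 7 and the brute-force table of slide 5 worked in Python. The sample plaintext, the function names and the 365-day year are constructed here; the only value taken from the slides is the key byte 01101101 (0x6d). The known-plaintext key recovery shows why XOR by itself is a building block, not a cipher, and why DES needs its key schedule and S-boxes around it.

```python
# Constructed sample values for this demonstration; they are not from the slides
# (except the one-byte key 01101101 = 0x6d used in the slide's XOR table).
PLAINTEXT = b"transfer 500 to account 42"
KEY = bytes.fromhex("6d")

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as needed.
    One function both encrypts and decrypts, because x ^ k ^ k == x."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Known-plaintext scenario from slide 5: given one matched
    plaintext/ciphertext pair, a repeated XOR key falls out as p ^ c."""
    return bytes(p ^ c for p, c in zip(plaintext[:key_len], ciphertext[:key_len]))

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year, as the slide's table implies

def brute_force_seconds(key_bits: int, rate: float) -> float:
    """Expected trial time: on average half the key space is searched."""
    return 2 ** (key_bits - 1) / rate

def brute_force_years(key_bits: int, rate: float) -> float:
    return brute_force_seconds(key_bits, rate) / SECONDS_PER_YEAR

def slide_table(rate: float = 1e6) -> dict:
    """Rebuild the slide-5 table for an attacker doing 10^6 encryptions/s."""
    return {bits: brute_force_years(bits, rate) for bits in (32, 56, 128, 168)}

if __name__ == "__main__":
    ct = xor_bytes(PLAINTEXT, KEY)
    print("ciphertext   :", ct.hex())
    print("decrypted    :", xor_bytes(ct, KEY))
    print("recovered key:", recover_key(PLAINTEXT, ct, len(KEY)).hex())
    for bits, years in slide_table().items():
        print(f"{bits:>3}-bit key: {years:.3g} years")
```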

Slide 8: Replacing DES
Triple DES (TDEA): run DES three times, yielding a key length of 168 bits. A short-term replacement for DES.
Advanced Encryption Standard (AES) / Rijndael: US approved in 2002. Block algorithm with a 128, 192, or 256-bit key. 128-bit approved through US “Secret”; 192+ bits approved for US “Top Secret”.

Slide 9: Key Distribution
With symmetric codes, both sender and receiver need to have the secret key. How does the sender safely send the key?
1. Send it manually via secure courier: expensive, time-consuming.
2. Send a new key using the previous key: fine, but what if the old key was compromised?
3. Use a key distribution center: the sender requests that a session key be sent to both the sender and receiver; the key is used for this session only.

Slide 10: Public-Key Encryption
The receiver has two matched keys, public and private. The public key can only encode; the private key is needed to decode.
- The receiver sends the receiver's public key to the sender
- The sender encrypts plaintext using the public key
- The encrypted ciphertext is sent over a public channel
- The receiver decrypts the ciphertext back into plaintext using the receiver's private key
(Diagram: Sender and Receiver across the Public Network; Plaintext -> Ciphertext -> Plaintext; Pub/Priv key pair)

Slide 11: RSA Public Key Encryption
Rivest, Shamir, Adleman (1977). Involves the use of the product of two (large) prime numbers; the public and private keys include that product and some mathematical functions of the prime factors.
Cracking the code: factoring the product will crack the code... The RSA authors (in 1977) predicted a 428-bit code would take 40,000,000,000,000 years to crack; an Internet consortium cracked it in 1994. 1024-bit or more keys are used today...

Slide 12: Public Key Issues
Man-in-the-middle imposters: an imposter might send you an encrypted message, so sender authentication is required.
RSA is slow: complicated math with 1024-bit (or more) keys; symmetric codes are faster.
Use a combined public key/symmetric method:
- establish a session using public key methods
- send the receiver a session key for a symmetric method
- use the symmetric key for the rest of the session

Slide 13: Sender Authentication
(Diagram: Sender and Receiver across the Public Network; Plaintext -> Ciphertext of Hash -> Plaintext; Pub/Priv key pair)
- The sender "encrypts" the document using the sender's private key
- This document is sent to the receiver
- The receiver decrypts the signature using the sender's public key
- If the document is readable, it must have been encrypted using the sender's private key, which only the sender has access to

Slide 14: Public-Key Encryption + Authentication
(Diagram: Sender and Receiver across the Public Network; Plaintext -> Ciphertext -> Plaintext alongside Digital Signature -> Ciphertext of DS -> Digital Signature, compared with "=?")
- The sender sends the document using public key encryption
- The sender computes a digital signature of the document using a one-way hash function
- The sender sends the digital signature of the document using authentication methods
- The receiver authenticates the encrypted message by confirming that the digital signature matches the received plaintext
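As an added example (not from the slides or from Stallings), a textbook-RSA walk-through of slides 10 to 14 in Python: key generation from two primes, public-key encryption to the receiver, hash-then-sign authentication by the sender, and the factoring attack of slide 11. The primes, the function names and the byte-at-a-time blocking are constructed for illustration; unpadded textbook RSA on tiny primes is used only so that every value is visible, and a real implementation uses 1024-bit-plus primes with padding.

```python
import hashlib

# Constructed textbook primes, tiny so every value is visible. Real RSA uses
# primes of 1024+ bits each; these moduli can be factored instantly.
RECEIVER_PRIMES = (61, 53)
SENDER_PRIMES = (47, 59)

def rsa_keygen(p: int, q: int, e: int = 17):
    """Textbook RSA: n = p*q, public (e, n), private (d, n) with e*d = 1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); raises if gcd(e, phi) != 1
    return (e, n), (d, n)

def rsa_apply(m: int, key) -> int:
    """The single RSA primitive m^k mod n; the key decides encrypt/decrypt/sign."""
    k, n = key
    return pow(m, k, n)

def encrypt(plaintext: bytes, pub) -> list:
    # Each byte (< 256 < n) is one textbook block; real RSA pads and never
    # encrypts data byte by byte.
    return [rsa_apply(b, pub) for b in plaintext]

def decrypt(blocks: list, priv) -> bytes:
    return bytes(rsa_apply(c, priv) for c in blocks)

def digest_mod_n(data: bytes, n: int) -> int:
    """One-way hash of the document (slide 14), reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv) -> int:
    return rsa_apply(digest_mod_n(data, priv[1]), priv)

def verify(data: bytes, sig: int, pub) -> bool:
    return rsa_apply(sig, pub) == digest_mod_n(data, pub[1])

def send(plaintext: bytes, sender_priv, receiver_pub):
    """Slide 14: encrypt to the receiver, sign the hash with the sender's key."""
    return encrypt(plaintext, receiver_pub), sign(plaintext, sender_priv)

def receive(blocks: list, sig: int, receiver_priv, sender_pub):
    """Decrypt, then check that the signature matches the recovered plaintext."""
    plaintext = decrypt(blocks, receiver_priv)
    return plaintext, verify(plaintext, sig, sender_pub)

def crack_private_key(pub):
    """Slide 11: factoring n recovers d. Trivial here, infeasible at real sizes."""
    e, n = pub
    p = next(i for i in range(2, n) if n % i == 0)
    return (pow(e, -1, (p - 1) * (n // p - 1)), n)
```

Because the sender's key pair is separate from the receiver's, a forged signature from a third party fails verification even though anyone can encrypt to the receiver's public key, which is the slide-12 issue that sender authentication addresses.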

