Pertemuan-13 Enkripsi and Authentication. Symmetric-key Cryptography  Data encrypted and decrypted with same key  Classical examples: Caesar cipher,

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Digital Signatures. Anononymity and the Internet.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Class 4: Modern Cryptography
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Cryptography 101 Frank Hecker
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
COMP 416 :: Fall 2010 Security Lecture 17 COMP 416 Fall 2010.
Supporting Technologies III: Security 11/16 Lecture Notes.
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Linux Networking and Security Chapter 8 Making Data Secure.
Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘
Encryption Coursepak little bit in chap 10 of reed.
Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
David Evans CS200: Computer Science University of Virginia Computer Science Class 36: Public-Key Cryptography If you want.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and Digital Certificates.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.
Digital Signatures and Digital Certificates Monil Adhikari.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Security By Meenal Mandalia. What is ? stands for Electronic Mail. much the same as a letter, only that it is exchanged in a different.
1 Internet data security (HTTPS and SSL) Ruiwu Chen.
Digital Signatures.
Cryptography Much of computer security is about keeping secrets
Vocabulary Big Data - “Big data is a broad term for datasets so large or complex that traditional data processing applications are inadequate.” Moore’s.
Cryptography Reference: Network Security
Cryptography Reference: Network Security
Security through Encryption
The Secure Sockets Layer (SSL) Protocol
Cryptography Reference: Network Security
Electronic Payment Security Technologies
Fluency with Information Technology Lawrence Snyder
Presentation transcript:

Pertemuan-13 Enkripsi and Authentication

Symmetric-key Cryptography  Data encrypted and decrypted with same key  Classical examples: Caesar cipher, one-time pad, Enigma Machine

Symmetric-key Cryptography: Drawbacks  How do the parties get the shared, secret key? How do we transmit this or establish it securely? Must have some secret or ‘offline’ way of sending the secret. This is really hard to do in some situations… You could read it to them over the phone, but someone could be tapping your phone in addition to your internet connection. How can we both get the shared secret?

Public Key Cryptography Each user has a keypair, consisting of a public and private key  Anything encrypted with one key may only be decrypted by the other.  To make message readable only by B, encrypt message using B's public key

Where we are now…  We can send coded messages without having to establish any shared secret keys between us ahead of time.  There’s another exciting application of this technology from the fact that Public and Private keys can be used to decode one another (no matter which is used to encode in the first place).  But why would someone code a message with their private key. Anyone in the world could use their public key to decode it…

Digital Signatures I  Well, what would the receiver know about the sender of a message if Bob Smith’s public key can decode the message?  Whoever sent the message had Bob Smith’s private key… (So, it was probably Bob Smith.)  We’re no longer keeping the contents of a message secret. Now we have found a way to verify who was the sender of a message.  Also, we know that nobody but Bob Smith modified the contents of the message along the way. (So, it’s intact and how Bob last saw it.)

Digital Signatures II Using Public-Key Crypto for Strong Authentication  Switch the roles of the keys Encrypt with Private key ("signing") Decrypt with Public key ("verifying" )  Anyone (B) can read the message,  But only A could have generated it

Digital Signatures III  But there’s a problem… The Encoding/Decoding step for public/private key cryptography is really slow.  For secret agents and governments and people who really care about the secrecy of their message, this isn’t a big deal.  But for a lot of people who’d just like a digital signature, this slowness almost makes it not worthwhile to use the technology.

Digital Signatures IV  What if we only encrypt a part of the message? But then someone could go in and change the non-signed part, and we’d never know if Bob Smith really did that.  What if there was some good way to calculate some compressed or smaller form of the text and then encrypt/sign that?  But the smaller piece of text (or “digest”) would have to reflect the whole text in some way or else we have the same forgery problem as above. There are ways to do this…

Digital Signatures V  Remember our original digital signature picture?

Digital Signatures VI Signature Generation: Signature Verification:

A Digitally Signed Message (PGP) -----BEGIN PGP SIGNED MESSAGE----- Dear Alice: I'm getting very tired of cryptographers talking about us behind our back. Why can't they keep their nosesin their own affairs?! Really, it's enough to make me paranoid. Sincerely, Bob -----BEGIN PGP SIGNATURE----- Version: iQB1AwUBL4XFS2F2HFbSU7RpAQEqsQMAvo3mETurtUnLBL zCj9/U8oOQg/T7iQcJvzMedbCfdR6ah8sErMV+3VRid64o2h2 XwlKAWpfVcC+2v5pba+BPvd86KIP1xRFIe3ipmDnMaYP+iV bxxBPVELundZZw7IRE=Xvrc -----END PGP SIGNATURE-----

But we’ve made an assumption here…  We’ve assumed that there’s an easy and accurate way to look up the public key for someone.  What if some imposter just makes a web page, claims to be Bob Smith, and publishes a public key that is supposedly for Bob Smith (but it’s really for them).  Now this imposter could send us s, sign them as Bob Smith, and we might now know the difference.

Verify a Public Key…  How can we know that the public key we look up for someone really is the correct public key for that person. (And not just some key put up by an imposter who’s pretending to be Bob Smith.)  Well, there’s companies that make a big business out of this. They keep secure registries of listings of actual people and corporations and store a copy of their official public key.  You can go to this trusted company and know you’re getting the right public key for Bob Smith.

A lot of business for one company…  But there could be millions of times a day that people need to check digital signatures. This could just overwhelm some company.  So, the one company can also verify that a second company is also a trustworthy place to ask about people’s public keys.  So, now future requests for verification of public keys can go to these sub-companies.

Chain of Trust I  There’s a “Chain of Trust.” Start with a ‘root’ and grow the trust tree/chain until we find a company that is willing to verify Bob Smith’s public key. VeriSign Microsoft MSN Bob Smith

Chain of Trust II  There’s a “Chain of Trust.” Start with a ‘root’ and grow the trust tree/chain until we find a company that is willing to verify Bob Smith’s public key. VeriSign Microsoft MSN Bob Smith Sheila Roy

That slowness problem…  So, we’ve seen: Symmetric Cryptography – Fast. Asymmetric (or Public Key) Cryptography – Slow. Digital Signatures (which use Private/Public Keys) —Chains of Trust of public key verification.  We also saw how to deal with the slowness issue for digital signatures. (Using a “digest.”)  Is there any way we can compensate for slowness in the general message encoding task? Can we get the speed of symmetric cryptography? With the convenience of public key cryptography?

What’s the problem with each?  Asymmetric is slower than symmetric.  Symmetric is hard to use because you need a secret/secure way to agree on your shared key.  What if we use the slow asymmetric cryptography to send a very short message: We send the secret shared key for symmetric.  Then we use symmetric crypto from then on. “Secure Socket Layer” Coding.

Secure Socket Layer  Used by most websites for secure connections and for financial transactions to keep info safe.  Encrypts the info you send to the site and the info it sends to you. It also authenticates that the site you are connected to is really who you think it is.  You can tell that this is being used when you see the little yellow padlock icon in Internet Explorer.  SSL uses Symmetric crypto, Asymmetric crypto, and Digital Signatures.

How does SSL Work? (1)  Go to a website for a financial transaction.  It sends you a ‘certificate’ claiming to be some organization and claiming to have some public key.  Your browser uses a chain of trust until it finds a site you trust to will “vouch” for the accuracy of the certificate the website sent you.  Now, you know that the Amazon.com site you are looking at is really authentic. You also know the public key for Amazon; so, you can send it stuff.

How does SSL Work? (2)  Now you can send stuff to Amazon securely using asymmetric public/private key cryptography. But this is a bit slow.  What do you send them? SHARED SECRET KEY.  If you both have this shared secret key, you can now use symmetric cryptography to do the rest of the transaction and send info in both directions. Symmetric crypto is a lot faster than asymmetric.

Look at a web page with a certificate…  Check out  Go to the Personal Banking Log-in Page.  File: Properties: Certificates.  This webpage is digitally signed by the bank so that you know it is the official bank web page and not some kind of imposter.  In this case, a ‘root’ has directly verified the bank’s public key.

Key length and security in real use  How could we break each part of this?  Factoring is the method to break public/private keys; to break a 1024-bit private key, one would need to factor an integer of length 1024 bits (or over 300 decimal digits), which is well beyond what anybody has done to date (currently people can factor numbers of about 130 digits with lots of computing power and time ….) (from RSA Security)

Key length and security in real use II But one can also attack encryption by trying to break the symmetric key…. Here, there’s no math trick to break it. You just try all the possible keys. But adding just one bit to the length of a symmetric key doubles the number of possible keys and the amount of time that is needed to find the right one. For example, the number of possible keys in a 56-bit encrypted message is about 72 quadrillion keys, or 72,057,594,037,927,936. Symmetric keys typically have lengths between 40 and 128 bits. Public keys typically have lengths between 512 and 2048 bits. Both the symmetric and public keys need to be long enough to withstand an attack. (from RSA Security)

So We’ve Seen…  Symmetric Crypto – Fast, but hard to share secret  Asymmetric Crypto – Slow but easier to set up  Digital Signatures – Uses Asymmetric, Digests, Chains of Trust  Secure Socket Layer – Uses all three of the above techniques to allow people to authenticate the sender of a web page and conduct secure business with it without having to use a lot of slow asymmetric cryptography.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.