Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park

Outline  Introduction  Aspects of Security  Privacy  Digital Signature

Introduction  With the growth of the ______, more and more data are being exchanged, and those data need to be _______  For example, when we shop on the Internet, we expect that the information we send to the vendor is kept secret  Also, when we receive a message, we sometimes need to ___________ the sender  In this chapter, we touch on the subject of security  There are four aspects of security

Aspects of Security (1/2) Security PrivacyAuthentication Integrity Nonrepudiation

Aspects of Security (2/2)  Privacy: Only the ______ and the ________ are able to understand the contents of the message  Authentication: The receiver needs to be sure of the sender’s _______  Integrity: The contents of the message need to be _________ during transmission  Nonrepudiation: A system needs to prove that the sender _______ sent the message

Privacy  Privacy can be achieved using ________________ methods  The data are encrypted at the sender site and decrypted at the receiver site  Two categories of encryption/decryption methods in use today are _______ key and _______ key

Privacy with Secret Key Encryption  The simplest way to encrypt data is to use a _____ key  The sender uses this key and an ________ algorithm to encrypt data; the receiver uses the _____ key and the corresponding algorithm to decrypt the data  The _____ key is used in encryption and decryption  However, the encryption and decryption algorithms are the _______ of each other

Data Encryption Standard (DES) (1/2)  We use very sophisticated encryption algorithm; the most common is called data encryption standard (DES)  DES encrypts and decrypts at the ___ level  The data are first transformed into a string of ___, and then broken into _______ of 64 bits  Each segment is then encrypted using a 56-bit key

Data Encryption Standard (DES) (2/2)  The secret key algorithms are very _______; they take less time to encrypt or decrypt compared with the ______ key algorithms  Therefore they are very good candidates for ____ messages  Each pair of users must have a secret key  The _________ of the keys between two parties can be difficult

Privacy with Public Key Encryption  There are two keys: a private key and a public key  The private key is kept by the _______  The public key is announced to the ______  When user A wants to send a message to user B, A uses the _____ key of B to encrypt the message; When the message is received by B, B uses its _______ key to decrypt the message

RSA: Basic Idea  The most common public-key algorithm is named after its inventors, Rivest-Shamir-Adleman (RSA) encryption  The private key is a pair of numbers ( N, d ); the public key is also a pair of numbers ( N, e )  The sender uses the following algorithm to encrypt the message: C = _________  The receiver uses the following algorithm to decrypt the message: P = _________  A major concept of the RSA algorithm is the use of very ______ numbers for d and e  In practice, the trial-and-error approach to breaking the code takes a _____ time (e.g. several months) even with the fastest computers available today

RSA: Example

RSA: Choosing Public and Private Keys  One question is how to choose the three numbers N, d, and e for encryption and decryption to work  The inventors of the RSA algorithm mathematically proved that using the following procedure guarantees that the algorithm will work  Choose two large ______ numbers, p and q  Compute N = p x q  Choose e (less than N ) such that e and ( p- 1)( q -1) are relative _______ (having no common factor other than 1)  Choose d such that ( e x d ) mod [( p -1)( q -1)] is equal to ___

Privacy Using The Combination (1/2)  We can combine the advantage of the secret key algorithm (_________) and the advantage of the public key algorithm (easy ___________ of keys)  The procedure is as follows:  The sender chooses a ______ key; this secret key is called the one-session key; it is used only _____  The sender uses the ______ key of the receiver to encrypt the secret key and sends the encrypted secret key to the receiver  The receiver uses the _______ key to decrypt the secret key  The sender uses the ______ key to encrypt the actual message

Privacy Using The Combination (2/2)

Digital Signature  The other three aspects of security (integrity, authentication, and nonrepudiation) can be achieved using the ______ of a document by its ______  Digital signature is a digital code that can be attached to an electronically transmitted message and that uniquely _______ the sender  Digital signature must be _________  Digital signature can be done in two ways: signing the ______ document or signing a ______ of the document

Signing The Whole Document (1/3)  We can use _____ key encryption to sign the whole document  The sender uses his ______ key (not the public key of the receiver) to encrypt the message  The receiver uses the _____ key of the sender (not his private key) to decrypt the message  The private key is used for encryption and the public key is used for decryption

Signing The Whole Document (2/3)  This method does not provide ______; anybody can use the ______ key of the sender to read the message. We need another level of encryption

Signing The Whole Document (3/3)  The integrity of the message is preserved because, if an intruder intercepts and changes the message, the decrypted message would be _________  The message can be authenticated because, if an intruder sends a message encrypted by his own private key, the message is then not decrypted correctly by the public key of the _____ author  Although the sender can deny sending the message, he must reveal (in court) his private key. If we encrypt and decrypt the ________ message, we get the _____ message

Signing The Digest  It is very ________ to use public key encryption to sign the whole document  To make the process more efficient, we can let the sender sign a _______ of the document  The sender makes a _________ of the document and signs it (encrypts it with his private key)  The receiver then checks the signature of the miniature (decrypts it with the sender’s _______ key)

Creating a Digest of The Message  Use a _____ function to create a digest of the message  The digest is of fixed size (usually 128 bits)  The two most common hash functions are Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1)  The hash function has two properties to succeed  Hashing should be _________

Sender Site  After the digest has been created, it is encrypted (signed) using the sender’s ______ key  The encrypted digest is ______ to the original message and sent to the receiver

Receiver Site (1/2)  ________ the message and the encrypted digest  Apply the same hash function to the message to create a ______ digest  Decrypt the _______ digest using the public key of the sender  It the two digests are the _____, it is obvious that all three aspects of security are _________

Receiver Site (2/2)

Three Aspects of Security Under The Method of Signing The Digest  If the received message creates a ______ of the digest, the message has not been changed  The digest comes from the true sender, so the message also comes from the true sender  The sender cannot deny the message because he cannot deny the digest; the only message that can create that digest is the received message  This method does not provide ______; We need another level of encryption