Cryptography Gerard Klonarides

What is cryptography? Symmetric Encryption Symmetric Encryption Asymmetric Encryption Asymmetric Encryption Other cryptography Other cryptography Digital signatures Digital signatures PKI PKI

What is Cryptography? Transforming plaintext to ciphertext Transforming plaintext to ciphertext Hello I love you won’t you tell me your name?  ’  

Cryptography Transforming plaintext into ciphertext Transforming plaintext into ciphertext Substitution Substitution Transposition Transposition

Substitution This = 1234 This = 1234 Try and crack this one Try and crack this one

This is his hit This is his hit

Transposition Plaintext elements rearranged Plaintext elements rearranged This is his hit This is his hit ihT sis sih tih ihT sis sih tih

Plaintext is processed Block cipher Block cipher A block at a time A block at a time Stream cipher Stream cipher Processed continuously Processed continuously

The Cipher Process Keys Keys Single Key Single Key Two-key encryption Two-key encryption

About Keys Bigger does not mean better Bigger does not mean better For example IDEA 128 is better than RSA 521 For example IDEA 128 is better than RSA 521 One has to protect the integrity of the keys One has to protect the integrity of the keys

What does 128 bit encryption mean? A 128-bit number has possible values. A 128-bit number has possible values. How big is that? How big is that? 2 18 is how many IPv6 addresses we have 2 18 is how many IPv6 addresses we have is the # of atoms in the earth is the # of atoms in the earth is the # of atoms in the sun is the # of atoms in the sun

Encryption types Single key Encryption Single key Encryption Conventional Conventional Symmetric Symmetric Two-key Encryption Two-key Encryption Asymmetric Asymmetric Public-key Public-key

Symmetric Encryption A type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric (or public-key) encryption, which uses one key to encrypt a message and another to decrypt the message. encryptionkeyasymmetric (or public-key) encryption keyasymmetric (or public-key) encryption

Asymmetric Encryption cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. cryptographickeysencrypt decrypt cryptographickeysencrypt decrypt An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. What's needed, therefore, is a global registry of public keys, which is one of the promises of the new LDAP technology. Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. What's needed, therefore, is a global registry of public keys, which is one of the promises of the new LDAP technology.Pretty Good Privacy (PGP)InternetLDAPPretty Good Privacy (PGP)InternetLDAP Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometime called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption). Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometime called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption).

Algorithms A formula or set of steps for solving a particular problem. To be an algorithm, a set of rules must be unambiguous and have a clear stopping point. Algorithms can be expressed in any language, from natural languages like English or French to programming languages like FORTRAN. A formula or set of steps for solving a particular problem. To be an algorithm, a set of rules must be unambiguous and have a clear stopping point. Algorithms can be expressed in any language, from natural languages like English or French to programming languages like FORTRAN.language natural languages programming languagesFORTRANlanguage natural languages programming languagesFORTRAN We use algorithms every day. For example, a recipe for baking a cake is an algorithm. Most programs, with the exception of some artificial intelligence applications, consist of algorithms. Inventing elegant algorithms -- algorithms that are simple and require the fewest steps possible -- is one of the principal challenges in programming. We use algorithms every day. For example, a recipe for baking a cake is an algorithm. Most programs, with the exception of some artificial intelligence applications, consist of algorithms. Inventing elegant algorithms -- algorithms that are simple and require the fewest steps possible -- is one of the principal challenges in programming.programsartificial intelligence applicationsprogramsartificial intelligence applications

The RSA Algorithm RSA Developed by Ron Rivest, Adi Shamir, and Len Adlerman from MIT in 1977 Developed by Ron Rivest, Adi Shamir, and Len Adlerman from MIT in 1977 The only widely accepted public- key algorithm The only widely accepted public- key algorithm A block cipher algorithm A block cipher algorithm 98% 98%

Authentication The ability to verify that the contents of a message have not been altered The ability to verify that the contents of a message have not been altered The ability to identify the owner of that message The ability to identify the owner of that message

The Authentication Process To create an authenticator To create an authenticator To check for authenticity To check for authenticity

Hash Algorithms MD5 -Message Digest Algorithm MD5 -Message Digest Algorithm SHA - Secure Hash Algorithm SHA - Secure Hash Algorithm DSS – Digital Signature Standard DSS – Digital Signature Standard

DSS FIPS SUMMARY: The Secretary of Commerce approved Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS), which supersedes Federal Information Processing Standard (FIPS) 186-1, Digital Signature Standard (DSS). FIPS expands FIPS by specifying an additional voluntary industry standard for generating and verifying digital signatures. This action will enable Federal agencies to use the Digital Signature Algorithm (DSA), which was originally the single approved technique for digital signatures, as well as two new ANSI Standards that were developed for the financial community. These new standards are ANSI X9.31, Digital Signature Using Reversible Public Key Cryptography, and ANSI X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA). SUMMARY: The Secretary of Commerce approved Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS), which supersedes Federal Information Processing Standard (FIPS) 186-1, Digital Signature Standard (DSS). FIPS expands FIPS by specifying an additional voluntary industry standard for generating and verifying digital signatures. This action will enable Federal agencies to use the Digital Signature Algorithm (DSA), which was originally the single approved technique for digital signatures, as well as two new ANSI Standards that were developed for the financial community. These new standards are ANSI X9.31, Digital Signature Using Reversible Public Key Cryptography, and ANSI X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA).(FIPS) 186-2(FIPS) EFFECTIVE DATE: This standard is effective June 27, EFFECTIVE DATE: This standard is effective June 27, 2000.

Diffie-HellmanDiffie-Hellman key agreement Diffie-Hellman The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by Diffie and Hellman [DH76] in 1976 and published in the ground-breaking paper ``New Directions in Cryptography.'' The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets. The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by Diffie and Hellman [DH76] in 1976 and published in the ground-breaking paper ``New Directions in Cryptography.'' The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.DH76