( Ch 73) Internet Security

Presentation transcript:

( Ch 73) Internet Security
Digital certificate: only authorised recipient can decrypt message
Encryption: strong, weak
Firewall: protects network from external communications
Virus spread and detection
Data Protection Act: personal data must be kept secure
Social and cultural issues: protect against pornography, paedophiles etc.

( Ch 73) Encryption
“Encryption changes data so that it is meaningless to anyone who does not have a key to unscramble it.”
Or “Encryption is the scrambling of data so that it becomes very difficult to unscramble and interpret.”
Scrambled data is called ciphertext. Unscrambled data is called plaintext.
Decryption: “Unscrambling ciphertext back to the original plaintext is called decryption.”
For example, "Hello" might be changed to "2kdi&k4".
After you encrypt data, only you and the people you choose can decrypt (unscramble) the information to make it readable again.
Data encryption is performed by the use of a cryptographic algorithm and a key. The algorithm uses the key to scramble and unscramble data.
Ideally the algorithm should be made public, whilst the key remains private.

( Ch 73) Strong and Weak Encryption
Encryption cannot make unauthorised decryption impossible, just more improbable. With unlimited time and processing power all cryptosystems could be broken.
The purpose of encryption is to make it as unlikely as possible that ciphertext could be broken within the period of time during which the contents should remain secret.
Strong encryption
– Encryption methods that cannot be cracked by brute force (in a reasonable period of time).
– Strong encryption implies that it is impossible to discover the key within the lifetime of a secret.
– Currently any key length of above 56 bits is considered strong encryption.
– The world's fastest computer needs thousands of years to compute a key.
For governments and law enforcement agencies strong encryption is a concern (terrorism, organised crime etc.). Many would like to ban its use unless there were agreements that law enforcement agencies could get hold of the keys, either through a legal framework or by having a decryption code lodged with a Trusted Third Party (TTP).
Weak encryption
– A code that can be broken in a practical time frame.
– Less than 56-bit encryption.
Keyspace
– The longer the key, the greater the range of possible values it can have. This is called the keyspace.
– The greater the keyspace, the more difficult it is for someone to discover the correct key.

( Ch 73) Cryptography is the practice and study of hiding information.
Computer passwords and electronic commerce all depend on cryptography.
Cryptographic algorithms:
– Message-digest algorithms: map variable-length plaintext to fixed-length ciphertext.
– Secret-key algorithms: use one single key to encrypt and decrypt.
– Public-key algorithms: use 2 different keys, a public key and a private key.

( Ch 73) Cryptography working

( Ch 73) Keys
A key is a variable value that is used by cryptographic algorithms to produce encrypted text, or to decrypt encrypted text.
The length of the key reflects how difficult it is to decrypt the encrypted message.
(Diagram labels: Plaintext, Encryption, Ciphertext, Decryption, Key)

( Ch 73) Secret-key Encryption
Use a secret key to encrypt a message into ciphertext.
Use the same key to decrypt the ciphertext to the original message.
Also called “symmetric cryptography”.
(Diagram labels: Plaintext, Encryption, Ciphertext, Decryption, Secret Key)

( Ch 73) Secret Key How to?
Encryption: Original Text + Secret key = Encrypted Text
Decryption: Encrypted Text + Secret key = Original Text

( Ch 73) Secret-Key Problem?
All keys need to be replaced if one key is compromised.
Not practical for the Internet environment.
On the other hand, the encryption speed is fast.
Suitable for encrypting your personal data.

( Ch 73) Public-key Encryption
Involves 2 distinct keys: public and private.
The private key is kept secret and is never disclosed, and it is password protected (passphrase).
The public key is not secret and can be freely distributed and shared with anyone.
It is also called “asymmetric cryptography”.
The two keys are mathematically related, but it is infeasible to derive the private key from the public key.
100 to 1000 times slower than secret-key algorithms.
(Diagram labels: Plaintext, Encryption, Ciphertext, Decryption, Public Key, Private Key)

( Ch 73) Public-Private Encryption
First, create a public and a private key.
Private key: stored in your personal computer.
Public key: stored in the Public Key Directory.

( Ch 73) Message Encryption (User A sends message to User B)
(Diagram labels: User A, Text, Public Key Directory, User B's Public Key, Encryption, Encrypted Text)

( Ch 73) Message Encryption
(Diagram labels: Original Message, Encrypted Message)

( Ch 73) Transfer Encrypted Data
(Diagram labels: User A, Encrypted Text, Insecure Channel, Encrypted Text, User B)

( Ch 73) Decryption with your Private key
Private key stored in your personal computer.
(Diagram labels: Encrypted Text, User B's Private key, Decryption, Original Text, User B)

( Ch 73) Digital Signature
A digital signature can be used in all electronic communications
– Web, e-mail, e-commerce
It is an electronic stamp or seal that is appended to the document.
It ensures the document is unchanged during transmission.
It is generated by taking a mathematical summary of the document concerned (a hash code). This is transmitted with the message.
Because this code is generated from the entire document, in the right sequence, any changes to the document will mean the code is changed, and this will be picked up by the receiver.
When downloading software, digital signatures can also offer protection from viruses which can be downloaded with Java applets. Programmers sign a program by attaching their digital signature to it. If a program is signed, i.e. traceable, theoretically it is less likely to contain a virus.

( Ch 73) How digital Signature works?
User A: use A's private key to sign the document.
Transmit via the Internet.
User B: receives the document with the signature attached.
Verify the signature using A's public key stored at the directory.

( Ch 73) Digital Signature

( Ch 73) Message-Digest How to
A hash function is a math equation that creates a message digest from a message.
A message digest is used to create a unique digital signature from a particular document.
(Diagram labels: Original Message (Document, e-mail), Hash Function, Digest)

( Ch 73) Message-Digest Algorithms
It maps a variable-length input message to a fixed-length output digest.
It is not feasible to determine the original message based on its digest.
It is impossible to find an arbitrary message that has a desired digest.
It is infeasible to find two messages that have the same digest.

( Ch 73) Message-Digest How to
A hash function is a math equation that creates a message digest from a message.
A message digest is used to create a unique digital signature from a particular document.
MD5 example
(Diagram labels: Original Message (Document, e-mail), Hash Function, Digest)
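The sign-and-verify flow from the digital signature and message-digest slides, as an added example that is not part of the original presentation. It assumes a constructed toy key pair (two small Mersenne primes, no padding) and uses SHA-256 rather than the MD5 named on the slide; the document text is also constructed.

```python
import hashlib

# Constructed toy key pair. Real keys use primes hundreds of digits long and a
# padding scheme; these two Mersenne primes only keep the arithmetic visible.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, needs P and Q


def digest(message: bytes) -> int:
    """Hash any-length input to a fixed-length value, reduced to fit the toy key."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """User A: apply the private key to the digest of the document."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """User B: undo the signature with A's public key and compare digests."""
    return pow(signature, E, N) == digest(message)


def demo():
    document = b"Pay 100 pounds to account 12345"   # constructed sample
    signature = sign(document)                      # sent along with the document
    altered = b"Pay 900 pounds to account 12345"    # changed in transit
    return verify(document, signature), verify(altered, signature)


if __name__ == "__main__":
    print(demo())
```

The receiver accepts the unchanged document and rejects the altered one, because the digest recomputed from the altered text no longer matches the signed digest.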

( Ch 73) Digital certificate
“Digital certificates are used to encrypt to stop unauthorised users reading confidential information, such as credit card details.”
The certificate comes in 2 parts: a public and a private key. Anyone can know the public key.
To enable someone to send you an encrypted message you must send them your public key, which they must use to send you the message. You can then use the private key to decrypt the message.
A digital certificate is data with a digital signature from one trusted Certification Authority (CA).
A CA is a trusted agent who certifies public keys for general use (corporation or bank).
– User has to decide which CAs can be trusted.
This data contains:
– Who owns this certificate
– Who signed this certificate
– The expiry date
– User name & address

( Ch 73) Digital Certificate

( Ch 73) Factoring
In many instances the strength of modern encryption systems relies on the fact that it is difficult to factor large numbers.
If two large (200 digit) prime numbers are multiplied together, it would take years of computer processing to deduce the original prime numbers from the product.
This process is known as factoring: attempting to find the two prime factors of the product.

( Ch 73) Firewall
A firewall is a program that prevents outsiders from accessing an organization’s internal data. It runs on a dedicated computer.
A firewall typically consists of a PC or server containing two network interface cards (NICs) and running a special firewall program.
One card connects to the LAN and the other to the Internet. The machine acts as a barrier for all information passing through it.
The firewall software analyses each packet of information and rejects it if it does not conform to a preconfigured rule.
This can also block particular machines which are unauthorised.

( Ch 73) MAC (Media Access Control) filtering is another common way of preventing unauthorised access.
Each machine has a unique MAC address such as 00-OA-C D6.
Machines not within the defined MAC-address range would be denied access to the system.
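The packet check and MAC-range filter described in the two slides above, as an added example that is not part of the original presentation. The `Packet` and `Rule` types, the MAC range, the addresses and the rule list are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    protocol: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str               # "accept" or "reject"
    src_net: str              # CIDR block the source address must fall in
    protocol: str
    dst_port: Optional[int]   # None matches any port


def mac_to_int(mac: str) -> int:
    """Normalise 'AA-BB-..' or 'aa:bb:..' notation to a 48-bit integer."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(digits, 16)


# Constructed policy for the example.
MAC_RANGE = (mac_to_int("02-00-00-00-00-00"), mac_to_int("02-00-00-00-00-FF"))
RULES = [
    Rule("reject", "10.0.0.50/32", "tcp", None),   # one blocked machine
    Rule("accept", "10.0.0.0/24", "tcp", 443),
    Rule("accept", "10.0.0.0/24", "udp", 53),
]


def filter_packet(pkt: Packet) -> str:
    # MAC filter first. The MAC is supplied by the sending machine, so this is
    # a coarse filter on the local segment, not proof of identity.
    try:
        mac = mac_to_int(pkt.src_mac)
    except ValueError:
        return "reject (malformed MAC)"
    if not MAC_RANGE[0] <= mac <= MAC_RANGE[1]:
        return "reject (MAC outside range)"
    src = ipaddress.ip_address(pkt.src_ip)
    for rule in RULES:                      # first matching rule wins
        if (src in ipaddress.ip_network(rule.src_net)
                and pkt.protocol == rule.protocol
                and rule.dst_port in (None, pkt.dst_port)):
            return rule.action
    return "reject (no rule matched)"       # default deny
```

Rule order matters here: the blocked machine is listed before the broader accept rules, and anything that matches no rule is rejected.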

( Ch 73) Virus Spread and Detection
When you download a file from the Internet, you can use virus detection software to make sure the file is virus-free before you run it.
It is important to keep all anti-virus software up-to-date as this changes, to combat new viruses.
Be aware that some sites automatically send a program to your computer and run it before you get a chance to check it!
You can search on the Internet and get lots of examples of stories about virus threats and horror stories.

( Ch 73) Social and Cultural Issues
The Internet cuts across cultural and social boundaries and, although it has many positive effects, it also causes many problems.
Conventional authorities such as Customs and Excise, Inland Revenue and the Police have little control over what people are allowed to buy, see or do on the Internet.
This has positive aspects such as freedom of speech and the ability to communicate with others, but criminals can abuse this, using encryption for criminal activities, racist web sites etc.
Legal systems in most countries are a long way behind the current pace of technological change, and the police do not have the manpower and are short of expertise in this area.
However, in recent years there has been a move to increase international cooperation, which has resulted in some high-profile court cases and arrests.
Software solutions for some of the problems are available, including filtering software such as NetNanny or SurfControl.