Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography and Security Technologies

Published byElla Thornton Modified over 5 years ago

Similar presentations

Presentation on theme: "Cryptography and Security Technologies"— Presentation transcript:

1 Cryptography and Security Technologies
Internet and Computer Network

2 Road Map Basic Concepts Introduction to Cryptography Digital Signature
Digital Certificate and Certification Authority

3 Basic Concepts

4 How are things done? In the E-Commerce world, transactions are performed between computers in different locations. Our focus: Information Security Merchant Customer Product Payment and other info.

5 Four Objectives of Information Security
Confidentiality: Ensure that information is not disclosed or revealed to unauthorized persons. Integrity: Ensure consistency. Prevent unauthorized creation or alteration of data. Authentication: Verify the identity of the sender. Non-repudiation: One cannot deny that he/she has taken part in the transaction.

6 Examples in Physical World
Confidentiality Sealed letter Opaque envelope Invisible Ink Integrity Indelible ink Authentication Photo ID card Driving license Non-repudiation Notarized signature Certified or registered mail

7 Among the Four Security Concerns….
Confidentiality – protection against? Integrity – protection against? Authentication – protection against? Non-repudiation – protection against? Therefore, non-repudiation is fundamentally different from other security services.

8 Introduction to Cryptography

9 Cryptosystem Encryption Encryption Key Decryption Decryption Key
Plain Information Plain Information    Cipher text

10 What is Encryption? Encryption is a process of scrambling (mutating) a message such that it becomes unreadable to unintended receivers. Decryption is simply a process to recover the cipher text into readable form. Obviously, a cryptosystem provides confidentiality.

11 Symmetric Cryptosystem
Uses the same key for encryption and decryption. Plain Information    Cipher text Encryption Decryption

12 Symmetric Key Cryptography
The key must be secretly held between the sender and receiver. How many keys are needed when we have a community of n users? Ans: n(n – 1)/2, or order of n2. Direct Implication: Distribution and key management. Does not support spontaneous transaction.

13 Symmetric Cryptosystems
Normally operates either as block cipher or stream cipher. Block cipher: input text is divided into fixed-size blocks of n-bits. The encryption function is then applied. The cipher text blocks are also n-bits in length. Typically, n = 64 bits. Stream cipher: processes the data as a sequence of characters. Common symmetric cryptosystems: DES, Triple-DES, RC2, RC4, RC5, etc.

14 The Data Encryption Standard (DES)
Developed by IBM in the 1970s, and was adopted as a US federal standard in 1977. Uses 56-bit key on 64-bit blocks of data. Encryption and decryption involves 16 rounds of permutations, letter substitutions, and exclusive-OR operations. The output displays no correlation to the input. Every bit of the output depends upon every bit of the input and the key.

15 How Good is DES? No general guideline on attack except brute-force search (i.e., exhaustively search the key space). For DES, that means 256  70 million billion trials. Using 1994 technology, a US$1 million investment can crack the key in 3.5 hours. That’s why we need Triple-DES and others!

16 Other Services….. Authentication and integrity: uses integrity check-value. Transmitted Message Plaintext Plaintext Plaintext Compute integrity check Shared Key Compute integrity check Integrity check-value Equal? Confirm or indicate failure

17 Integrity Check Value Can it check for integrity?
Yes, because the computed value must be consistent with the transmitted value. Can it authenticate the sender? Yes, because only 2 users hold the secret key. The recipient knows that it is sent by the other key holder. Can it prevent repudiation? NO! What if one user generates the message by himself and claim that it was done by the other user?

18 Public Key Cryptosystems
Uses a pair of related keys: one for encryption and one for decryption. One key, called the private key, is kept only to the owner. The other key, called the public key, can be made publicly known. Given the public key, one cannot derive the private key and vice versa.

19 Public Key Cryptosystems
   Cipher text A    Cipher text B Recipient’s public key Plaintext A Plaintext B Recipient’s private key Plaintext A Plaintext B

20 Alternatively…..    Cipher text A
Sender’s private key Plaintext Plaintext Sender’s public key

21 Public Key Cryptosystems
Confidentiality: (let p be our message) Public-KeyRecipient(p) = cipher text Private-KeyRecipient(cipher text) = p Authentication, integrity, non-repudiation: Private-KeySender(p) = cipher text Public-KeySender(cipher text) = p Commonly used public key systems include RSA and PGP (Pretty Good Privacy).

22 The RSA Algorithm Developed by Ron Rivest, Adi Shamir, and Len Adleman of MIT. Based on modular arithmetic and prime number operations. While multiplying two prime numbers is easy, factoring the product of such numbers is difficult, especially when the product is large!

23 Modular Arithmetic a  b (mod n) if a differs from b by an exact multiple of n. That is, a  b + Ln, L being an integer. Examples: 242  2 (mod 10) 164  4 (mod 5) 146  3 (mod 11)

24 The RSA Algorithm Find two prime numbers, p and q, and compute their product, n. Find a pair of integers d and e such that de  1 (mod (p – 1)(q – 1)). Now, for any message m not being multiple of p or q, Encryption: c  me (mod n) Decryption: cd (mod n)  m

25 The RSA Algorithm The two numbers, n and e, form the public encryption key. d is the private decryption key. Example: try p = 5, q = 7, n = 35, e = d = 5. de = 25 = 1 (mod (p – 1)(q – 1)) = 1 (mod 24) Let’s say the message m is 3, c = 35 (mod 35) = (mod 35) = 3 = m.

26 Performance of RSA Rough estimates:
In year 2000, attacker with US$25,000 can factor a 425-bit public modulus (n). US$25 million can factor a 619-bit modulus. In year 2020, US$25,000 will be able to factor a 515-bit modulus, while 25 million can factor 799-bit modulus. In any case, a 1024-bit modulus should be sufficient for the coming years.

27 Public Key Cryptosystems
Advantages: Higher security Easy key distribution Supports spontaneous transactions Weaknesses: Processing costs (e.g., time requirements for encryption/decryption).

28 How to Make Things Better?
Use a hybrid approach that combines the strengths of secret-key (symmetric key) and public-key based encryption techniques. Encrypt message with secret key, and then encrypt the secret key using public key. Transmitted Message = Secret-key(m) + Public-keyreceiver(Secret-key) The Second term is called a Digital Envelope.

29 Digital Signature

30 What is Digital Signature?
A data item that accompanies a digitally encoded message and that can be used to: ascertain the identity of the sender. ensure the message has not been altered during transmission. Normally involves a sign and a verify operation.

31 Digital Signature Plaintext Sender Plaintext Receiver
Transmitted Message Plaintext Sign Sender’s Private Key Verify Sender’s Public Key Digital Signature Verified? Yes/No

32 But…… This is very similar to the integrity check value in the symmetric key system! Difference: now it supports non-repudiation, because the private key is only held by the sender. Notice that the signature itself does not provide confidentiality.

33 RSA Digital Signature Apply the sender’s private key to the entire message to create the signature. Encryption and decryption have to be applied to the entire message. Signature length is the same as the message itself. Implication: High processing and communication overhead costs.

34 Any Help? One-way Hash function: maps values from a very large domain (the message) into a relatively small range. Any change in the original message, even just one single bit, will result in a different value. For security applications, normally hashes to fixed length data (e.g., 128 bits) known as message digest.

35 Digital Signature with Hashing
Plaintext Sender Plaintext Receiver Transmitted Message Plaintext Message digest Hash Computed digest Hash Sign Sender’s Private Key Sender’s Public Key Decrypt Digital Signature Expected digest Are they equal?

36 Digital Certificate and Certification Authority

37 Distribution of Public Key
Confidentiality is not required. How about integrity? What if an intruder substitutes the key with his own public key? In that case, all four security objectives are achieved, but you are simply dealing with a wrong person! That’s why we need a trusted third party to notarize the public key and its owner.

38 Digital Certificate A digital ID card that notarizes the connection between a public-key and its owner. Issued by certification authorities (CA). Contains a public-key value and information that uniquely identifies the holder. Digitally signed by the issuing CA. Implication? Must trust the CA for the certificate to be useful.

39 Digital Certificate Advantage:
Easy distribution without the need to worry about confidentiality, integrity, and authentication. User simply needs to trust the CA. No need to store the keys or certificates of other users. However, practically, no CA can handle all users. Therefore, we need a chain-like model to link up multiple CAs hierarchically. This is called a certification path.

Download ppt "Cryptography and Security Technologies"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden +46 470 70 86.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

Similar presentations

Ads by Google