Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS Introduction to Operating Systems

Published byAndra Hubbard Modified over 5 years ago

Similar presentations

Presentation on theme: "CS Introduction to Operating Systems"— Presentation transcript:

1 CS 537 - Introduction to Operating Systems
Encryption CS Introduction to Operating Systems

2 Encryption Why use encryption? Can’t deny access to everything
some files and/or information need to be transported across public lines anyone can view this information Encryption makes the information look like gibberish to anyone but the destination the destination can decrypt the message One important note encryption algorithms should be made public

3 Encryption KEY KEY plain text message encryption box encrypted message
decryption box plain text message bad guy listening in

4 Basic Idea Given a message m and a key k
use a function Ek(m) to encrypt message use a function Dk(Ek) to decrypt the message Could use exclusive OR as the function Ek = m  k Dk = Ek  k = m  k  k = m Major problem with this if m and Ek are known, can compute k

5 Cryptography Cryptography is the study of message encryption and decryption There exist functions Ek such that knowing Ek and m does not yield k [m]k means that message m is encrypted with key k Two major encryption algorithms conventional private key encryption public key encryption

6 Conventional Private Key
Also called Neeham/Schroeder protocol Each of the two machines agree upon a private key that only they know this will be different for each session All messages are then encrypted and decrypted with this key One major problem how do they get the key to start with?

7 Key Distribution Only complete solution is “out-of-band” transmission
don’t send it over a network this is expensive has other risks (watch James Bond sometime) Most systems actually use a network to get and transmit keys This requires trusting someone

8 Key Distribution Use a key distribution center (KDC)
everyone trusts this guy Every computer has a private key that only it and the KDC know When A wants to communicate with B, it contacts the KDC and it gives a random key, kc, back to A A then transmits kc to B A and B then use this key to communicate

9 Conventional Private Key
3 [Kc, A]Kb 4 [random’]Kc 5 [random’ + 1]Kc A B [Kc, request, random, [Kc, A]Kb]Ka request and random number (plain text) 2 1 KDC

10 Conventional Private Key
1 Request a key for communication - random number will be used to prevent replay 2 KDC sends back the information for the following reasons - Kc: the key to be used by A and B - request: verifies whose key A is getting - random: prevents replay of previous session - [Kc, A]Kb: encrypted message to send to B - encrypted with A’s key so it is the only one that can decipher it 3 Send Kc to B using the encrypted response from KDC - B is the only one that can decode this message

11 Conventional Private Key
4 B replies with a random number encrypted using Kc - this is a challenge to A to prove it actually knows Kc 5 A replies by sending the random number + 1 back to B - this is A’s response to prove it actually sent the original message At this point, A and B can now communicate with each other using the private key, Kc

12 Public Key There exist some encryption algorithms that use a key pair
If you encrypt with one key, you can only decrypt with the other key The way public key encryption works is that one of the pair is made public and the other is kept secret hence, a secret key is only known by a single machine everyone knows the public key

13 Key Distribution Now the public key can be sent unencrypted over the network it does a bad guy no good unless he has the secret key a machine will never share its secret key with anyone To actually communicate with someone encrypt the message with their public key they are the only one that can decrypt it

14 Public Key [IA, A]PKb [IA, IB]PKa [IB]PKb A B [[message]PKb]SKa 1 2 3
4 [[message]PKb]SKa

15 Public Key 1 Send a message to B indicating a desire to communicate
- only B can decipher this message - IA is a random identifier that A created 2 B responds with a message that only A can decipher - by returning IA B verifies it’s really B - also includes IB as a challenge to make sure A is really A 3 A responds to B’s challenge with the identifier that B created - now both parties know the other is who they say they are

16 Public Key 4 All messages from A to B are encrypted with B’s public
key and then again with A’s secret key - anyone can decipher the message encoded with A’s secret key - all they would get is the encrypted message that only B can decode - this is done to prevent others from injecting more into the message sent by A - need to be careful of this because anyone could encrypt a message for B and attach it to A’s message as it passes through

17 Public Key Cryptography
So how does all of this math work? It’s actually quite simple to encode a message E(m) = me mod n = C to decode a message D(C) = Cd mod n = m

18 Public Key Encryption How is n computed? Everyone knows the value of n
pick 2 big prime numbers (100 or more digits) these numbers will be p and q n = p x q Everyone knows the value of n very difficult to calculate p and q given n

19 Public Key Encryption So what is the value of d?
d is a large random integer that is relatively prime to (p-1) x (q-1) hence, the greatest common divisor of d and (p-1) x (q-1) is 1 So what is the value of e? e is the multiplicative inverse of: d mod [(p-1) x (q-1)] hence e x d mod [(p-1) x (q-1)] = 1 like n, e is also made public

20 Public Key Encryption An example let’s say p = 5 and q = 7 n = 35
(p-1) x (q-1) = 24 several choices for d, we’ll use d = 11 this means e x 11 mod 24 = 1 ==> e = 11 if m = 3 C = me mod n = 311 mod 35 = 12 Cd mod n = 1211 mod 35 = 3 = m

21 Certificate One major problem
how does B guarantee that A’s public key is really PA? have to trust someone again Assume there is a server C that both A and B trust this server is someone like Verisine

22 Certificates 3 [A, C, PA]SKc A B [A, C, PA]SKc 2 request for
1 C

23 Certificates 1 Send a message to C requesting a certificate 2
C replies with the certificate - A is the identity of A - C is the identity of C - PA is A’s public key - All of this info is encrypted with C’s secret K - anyone can decrypt this - used for authentication, not secrecy 3 A sends certificate to B - B then decodes it using C’s public key - B now believes that it really has A’s public key

Download ppt "CS Introduction to Operating Systems"

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography Prof. Seth D. Bergmann Rowan University Computer Science.

Cryptography Prof. Seth D. Bergmann Rowan University Computer Science.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.

Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.

Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Public-Key Cryptography CS110 Fall 2002. Conventional Encryption.

Public-Key Cryptography CS110 Fall Conventional Encryption.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Network Security – Special Topic on Skype Security.

Network Security – Special Topic on Skype Security.

Similar presentations

Ads by Google