
1
Cryptography and the Internet
Daryl Banttari, daryl@windsorcs.com

2
Introduction
- Cryptography
  - "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter." -- Bruce Schneier, preface, Applied Cryptography, Second Ed., http://www.counterpane.com/actoc.html

3
Topics of Discussion
- Types of Cryptography
- Applications to the Internet
  - SSL
  - Digital Signatures
  - Digital Signatures and SSL
  - E-Mail Encryption and Authentication (PGP)

4
Types of Cryptography
- Cryptographically Strong Hash Functions (MD5)
- Symmetric Key (Conventional) Encryption
- Public Key Encryption

5
The MD5 Hash Algorithm
- Turns an arbitrary string into a 128-bit Message Digest or Hash
- Always creates the same hash when given the same string
- Impossible* to create a string from a hash, or to alter a string and produce the same hash
- Commonly used to verify that files are unaltered
http://www.faqs.org/rfcs/rfc1321.html
*Impossible: read "practically impossible". It is believed to require 2^128 operations to produce a message that would create a given digest.
Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575
Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826
Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0

6
Symmetric Encryption
- Proven and Secure
- Fast
- Uses the same key to decrypt as was used to encrypt
- Requires out-of-band communication to exchange the key

7
Public Key Encryption
- Pioneered by Whitfield Diffie and Martin Hellman in 1975
- Data encrypted with the Public key can only be decrypted with the Private key; not even the encrypter can decrypt it
- Data encrypted with the Private key can only be decrypted with the Public key
- Commonly used to exchange a conventional session key
- Public key encryption algorithms include RSA, DSA, Diffie-Hellman, Blowfish

8
SSL
- The secure server gives its Public key to the client
- The client generates a conventional Session key
- The client encrypts the Session key with the server's Public key
- The rest of the communication uses the Session key, for speed
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

9
Digital Signatures
- An MD5 hash is created of the document
- The hash is encrypted with the Private key and appended to the document
- If the hash you decrypt using the sender's Public key matches your own hash of the document:
  - The document must have been unaltered in transit
  - The document must have come from the sender
- The combination of hash and private key is a Digital Signature
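The sign-then-verify flow on this slide, as an added Go example that is not code from the presentation. It uses SHA-256 in place of the slide's MD5, since MD5 collisions have been practical for years, and RSA PKCS#1 v1.5 signatures from the Go standard library; the document text and the function names sign, verify and demo are chosen here. Signing another person's public key, as on the Web of Trust slide, is the same operation applied to that key's bytes and user name.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// sign hashes the document and encrypts that hash with the sender's private
// key (RSA PKCS#1 v1.5); the result is the signature sent with the document.
func sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify recomputes the hash of the received document and checks it against
// the hash recovered from the signature with the sender's public key.
func verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo signs a constructed document and reports whether the signature holds
// for the genuine document, for an altered copy, and under another party's key.
func demo() (genuine, altered, wrongSender bool) {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	doc := []byte("Transfer 100 to account 42") // constructed sample document
	sig, err := sign(sender, doc)
	if err != nil {
		panic(err)
	}
	tampered := []byte("Transfer 900 to account 42") // one digit changed in transit
	return verify(&sender.PublicKey, doc, sig),
		verify(&sender.PublicKey, tampered, sig),
		verify(&other.PublicKey, doc, sig)
}
```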

10
SSL Certificate Signing
- Encryption does not equal authentication
- Some means is needed of assuring consumers that they are sending their credit card number to the people they expect, not to some lookalike Web server
- Verisign et al. diligently ensure the public key belongs to a given organization
  - Attach organization info and an expiration date to the public key
  - Digitally sign the public key together with the attached info
  - The public keys of major certificate signers are shipped with browsers
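The three sub-bullets as an added Go example, not code from the presentation: a self-signed root plays the Verisign role, issues a certificate that binds organization info and an expiry date to a server's public key, and verification succeeds only when that root's key is in the set a browser ships with. The CA and merchant names, serial numbers and the helper names issue and demo are constructed here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs tmpl, which describes pub's owner, with signer's private key
// (the step the slide assigns to Verisign) and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return cert
}

// demo builds a self-signed root CA, has it sign a server certificate binding
// organization info and an expiry date to the server's public key, then checks
// that certificate as a browser would: with the CA's public key preinstalled
// (nil error) and without it (error).
func demo() (withRoot, withoutRoot error) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	srvKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	start := time.Now().Add(-time.Minute)
	caTmpl := &x509.Certificate{ // constructed CA identity
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: start, NotAfter: start.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // parent is itself
	srvTmpl := &x509.Certificate{ // constructed merchant identity
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{Organization: []string{"Example Shop Inc"}, CommonName: "shop.example"},
		DNSNames:     []string{"shop.example"},
		NotBefore:    start, NotAfter: start.AddDate(1, 0, 0),
	}
	srv := issue(srvTmpl, root, &srvKey.PublicKey, caKey)
	shipped := x509.NewCertPool() // the signer keys a browser ships with
	shipped.AddCert(root)
	_, withRoot = srv.Verify(x509.VerifyOptions{DNSName: "shop.example", Roots: shipped})
	_, withoutRoot = srv.Verify(x509.VerifyOptions{DNSName: "shop.example", Roots: x509.NewCertPool()})
	return withRoot, withoutRoot
}
```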

11
E-Mail Encryption and/or Authentication
- PGP is an open, reasonably easy method of applying digital signatures and encryption to e-mail
- People and organizations can sign a message, which can then be verified for authenticity with their public key
- PGP uses session keys like SSL, so messages can be encrypted to multiple recipients without multiplying the size of the message; think of a keyed safe with multiple lock-boxes attached
- You must have the public key of a recipient to encrypt an e-mail to them, which makes encryption to mailing lists, newsgroups, etc. unfeasible
http://www.pgpi.org/doc/pgpintro/
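The lock-box model from this slide, and with a single recipient the session-key exchange of the SSL slide, as an added Go example that is not code from the presentation: the session key is wrapped with RSA-OAEP for each recipient's public key and the message body is encrypted once with AES-GCM (modern choices; the slides name no ciphers). The Envelope type and the names newKey, seal and open are chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope holds the body encrypted once under a session key plus that key
// wrapped for each recipient: the slide's safe with several lock-boxes.
type Envelope struct {
	LockBoxes   [][]byte // session key encrypted to each recipient's public key
	Nonce, Body []byte   // message encrypted with the session key (AES-256-GCM)
}

// seal encrypts msg under a fresh session key and wraps that key (RSA-OAEP) for
// every recipient, so the body does not grow with the number of recipients.
func seal(msg []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	kn := make([]byte, 44) // 32-byte session key + 12-byte nonce, fresh per message
	rand.Read(kn)          // crypto/rand does not fail in practice
	block, _ := aes.NewCipher(kn[:32])
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	env := &Envelope{Nonce: kn[32:], Body: gcm.Seal(nil, kn[32:], msg, nil)}
	for _, pub := range recipients {
		box, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kn[:32], nil)
		if err != nil {
			return nil, err
		}
		env.LockBoxes = append(env.LockBoxes, box)
	}
	return env, nil
}

// open tries each lock-box with priv; only a listed recipient gets the message.
func open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, box := range env.LockBoxes {
		if key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, box, nil); err == nil {
			block, _ := aes.NewCipher(key)
			gcm, _ := cipher.NewGCM(block)
			return gcm.Open(nil, env.Nonce, env.Body, nil)
		}
	}
	return nil, rsa.ErrDecryption
}

func newKey() *rsa.PrivateKey { // one party's 2048-bit key pair
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}
```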

12
PGP Web of Trust
- Anyone can upload keys to Key Servers, even fake keys
- If you can verify that a key belongs to its owner, you can sign that key, indicating that you have verified ownership
- The Web of Trust is established by people signing other people's keys: if you trust Person A to diligently verify the identity behind keys, and Person A signed Person B's key, then you can trust that Person B's key is authentic

13
ColdFusion's hash() Function
- Available with CF4.5
- Generates MD5 hashes of strings in hex format (use char(32) to store them)
- Useful for storing passwords so they can't be read or recreated
- Append an arbitrary string to salt the password hash, to prevent hash dictionary attacks
Hash("Hello1"): 7A6D1B13498FB5B3085B2FD887933575
Hash("Hello2"): B83099B8CE596F31F2F60C8FD4D72826
Hash("Hello3"): E1C0F8926581BE86F96BD0007371CCA0
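The hash() behaviour and the salting advice on this slide, together with the MD5 properties from slide 5, as an added Go example that is not ColdFusion code from the presentation; the Hash, Store, Check and demo names and the sample users are chosen here. MD5 is kept to match the slides and the digests are only compared for equality; for real password storage today a deliberately slow, purpose-built password hash replaces the fast MD5.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"strings"
)

// Hash mirrors ColdFusion's hash(): the MD5 digest of a string as 32 upper-case
// hex characters (hence the char(32) column on the slide).
func Hash(s string) string {
	sum := md5.Sum([]byte(s))
	return strings.ToUpper(hex.EncodeToString(sum[:]))
}

// StoredPassword is what the database keeps: the salt and the hash of
// password+salt, never the password itself.
type StoredPassword struct{ Salt, Digest string }

// Store picks a random salt per user and hashes the salted password, so two
// users with the same password get different digests and a precomputed
// dictionary of plain MD5 hashes does not match either of them.
func Store(password string) StoredPassword {
	raw := make([]byte, 16)
	rand.Read(raw) // crypto/rand does not fail in practice
	salt := hex.EncodeToString(raw)
	return StoredPassword{Salt: salt, Digest: Hash(password + salt)}
}

// Check recomputes the salted hash at login and compares it in constant time.
func Check(stored StoredPassword, attempt string) bool {
	got := Hash(attempt + stored.Salt)
	return subtle.ConstantTimeCompare([]byte(got), []byte(stored.Digest)) == 1
}

// demo checks the slides' claims on constructed input: the same string always
// gives the same 32-character digest, a one-character change gives a different
// one, two users with the same password get different salted digests, and
// login succeeds only with the right password.
func demo() (sameInputSame bool, digestLen int, altered, saltedDiffer, loginOK bool) {
	a, b := Hash("Hello1"), Hash("Hello1")
	u1, u2 := Store("Hello1"), Store("Hello1") // constructed: two users, same password
	return a == b, len(a), Hash("Hello2") != a, u1.Digest != u2.Digest,
		Check(u1, "Hello1") && !Check(u1, "Hello2")
}
```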

14
Summary
- An understanding of why encryption works is not necessary for an understanding of how it works
- Although encryption and digital signature technology seem daunting, the processes are conceptually simple

15
What do I do with this info?
- Hash passwords
- Use encryption and authentication methods for secure processes
- Evangelize!
