Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Presentation on theme: "Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as."— Presentation transcript:

1 Chapter 8

2  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as encryption.  Encryption is specifically the transformation of unencrypted data (plaintext) into encrypted form (cipher-text).  Decryption is the process of recovering the plaintext message from the cipher-text.  The process used to encrypt the plaintext or decrypt the cipher-text is referred to as cryptography algorithm.  Cryptographic algorithms generally use a key, or multiple keys, in order to encrypt or decrypt the message. 2Prepared by Saher H. Mohammed

3  The Caesar cipher involves shifting each letter of the plaintext message by a certain number of letters.  SECURE can be transformed to VHFUHW by using 3 forward shifts.  ROT13 moves each letter 13 places forward. 3Prepared by Saher H. Mohammed

4  Modern cryptographic algorithms can be broadly classified into two types ◦ Symmetric cryptography ◦ Asymmetric cryptography  Each approach has its own pros and cons.  Generally, symmetric cryptography is faster but has some issues with key exchange. 4Prepared by Saher H. Mohammed

5  Symmetric key cryptography is also called as private key cryptography.  Symmetric key cryptography uses only a single key for both encryption and decryption.  The key is shared between the sender and receiver.  The weakness of symmetric key cryptography lies in the use of one key. If the key is exposed beyond the sender and receiver, it is possible for attacker to intercept the message.  Symmetric key cryptography provides only confidentiality, and not integrity. 5Prepared by Saher H. Mohammed

6  Symmetric key cryptography makes use of two types of ciphers: block cipher and stream cipher.  A block cipher takes a predetermined number of bits, known as block, in the plaintext message and encrypts that block.  Blocks are commonly composed of 64 bits, but can be larger or smaller.  Block cipher are slower, but more efficient. They are also very complex to implement on hardware and software. 6Prepared by Saher H. Mohammed

7  Block ciphers are also more sensitive to errors in the encryption process.  Block ciphers are used in the situations where the message size is constant or known in advanced.  A stream cipher encrypts each bit in the plaintext message, 1 bit at a time.  Since stream cipher encrypt a single bit at a time, they are slow.  A stream cipher is used when the message size is unknown.  Common example of symmetric key algorithms are DES, 3DES and AES. 7Prepared by Saher H. Mohammed

8  Asymmetric cryptography uses two keys; a public key and a private key.  The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone.  The private key are used to decrypt data that arrives at the receiving end and are carefully guarder by the receiver.  Complex mathematical operations are used to create the private and public keys. 8Prepared by Saher H. Mohammed

9  The main advantage of asymmetric key cryptography is the loss of the need to distribute the key.  Common example of asymmetric key algorithms are RSA algorithm, ECC and DSS. 9Prepared by Saher H. Mohammed

10  Hash functions are third type of cryptography, also called as keyless cryptography.  Hash functions are also referred to as message digests, they create a large unique and fixed–length hash value (hash).  Hash functions perform one-way encryption. Meaning that once the algorithm is processed, there is no way to take the cipher-text and retrieve the plaintext.  Common examples of hash functions are SHA, MD2, MD4 and MD5. 10Prepared by Saher H. Mohammed

11  Digital signatures allow us to sign a message in order to enable detection of changes to the message contents.  This ensures that the message was legitimately sent by the expected party.  This also prevents the sender from denying that he or she sent the message, know as non-repudiation.  The sender would generate a hash of the message, then use the private key to encrypt the hash, this is called as digital signature. Digital signature is attached with the message.  The receiver would use the sender’s public key to decrypt the digital signature. 11Prepared by Saher H. Mohammed

12 12 Sender Hash Mathematical Hash Function Digital Signature Use private key to encrypt the hash code Receiver Original Message + Digital signature Use public key of the sender to decrypt the digital signature

13  Protecting Data at Rest ◦ Data Security ◦ Physical Security  Protecting Data in Motion ◦ Protecting the data itself ◦ Protecting the connection  Protecting Data in Use ◦ Policies and procedures 13Prepared by Saher H. Mohammed

14  A hash is a special mathematical function that performs one-way encryption.  One the hashing algorithm is processed, there is no feasible way to take cipher-text and retrieve the plaintext that was used to generate it.  Common use of hashing functions are storing computer passwords and ensuring message integrity. Prepared by Saher H. Mohammed14

15  Hashing function can produce a unique value corresponding to the data entered, but the hashing value is also reproducible by everyone else running the same algorithm against the same data.  The hashing algorithm can be attacked with what is called collision attack. Prepared by Saher H. Mohammed15

16 Prepared by Saher H. Mohammed16 Hashing Function/ Hashing Algorithm Plain Text Hashing Code/ Message Digest/ Message Authentication Code (MAC)

17 Prepared by Saher H. Mohammed17 Hashing Function/ Hashing Algorithm Plain Text Hashing Code Hashing Function/ Hashing Algorithm Hashing Code Plain Text

18 Prepared by Saher H. Mohammed18 Hashing Function/ Hashing Algorithm Plain Text 2 Hashing Code Plain Text 1

19  SHA accepts an input of up to 2 64 bits or less and then compresses the input plain text to a hash of 160 bits.  SHA works in block mode, separating the data into words first, and then grouping the words into blocks.  The words are 32 bit strings converted to hex; grouped together as 16 words. This makes up a 512 bit block.  If the plain text data input to SHA is not a multiple of 512 bits, the message is padded with 0’s and an integer describing the original length of the message. Prepared by Saher H. Mohammed19

20 Prepared by Saher H. Mohammed20 Original message- plaintext Padding (If required) Hashing Function Message Digest

21  SHA is one of the most secure hashing algorithms, with no known successful attacks against it.  The cipher code of 160 bits in SHA is very long compared to other common 128 bit cipher codes.  This added security and resistance to attacks in SHA requires more processing power. Prepared by Saher H. Mohammed21

22  Message Digest (MD) is the generic version of one of the three algorithms, all designed to create a MD or hash from the data input by using algorithms.  All these algorithms were developed by Ronald L. Rivers of MIT.  Various version of MD algorithms are  MD 2  MD 4  MD 5 Prepared by Saher H. Mohammed22

23  MD 2 takes a data input of 16 bytes and produces a hash or MD of 128 bits.  MD 2 is optimized for 8 bit machines.  If the data input is less than16 bytes, then the input is padded.  After padding, a 16 byte checksum is appended to the message.  The message is processed in 16 byte blocks. After the entire message is processed in 16 bytes blocks, a 128 bit message digest or hash is produced. Prepared by Saher H. Mohammed23

24  The success of MD 2 depends on the addition of checksum to the message.  If the checksum is not appended to the original message, then MD 2 is vulnerable to collision attack. Prepared by Saher H. Mohammed24

25  MD 4 is optimized for 32 bit computers.  MD 4 accepts an input of 512 bits or multiple of 512 bits.  If the input is less than 512 bits, extra bits are padded to make the input 512 bits.  After this input block of 512 bits is processed, MD 4 produces a hash or MD of 128 bits.  MD 4 is fast algorithm, but not secure. MD 4 is very vulnerable to collision attacks. Prepared by Saher H. Mohammed25

26  MD 5 is similar to MD 4, but with some addition security.  MD 5 slower, and secure compared to MD 4.  MD 5 accepts an input of 512 bit blocks.  MD 5 produces a 128 bit hash or message digest. Prepared by Saher H. Mohammed26

27 Prepared by Saher H. Mohammed27 E (P,K) D (C,K) Plaintext (P) Secret Key (K) Ciphertext (C) Plaintext (P) Secret Key (K)

28  Symmetric cryptographic algorithms are also called as secret key cryptography.  Symmetric cryptographic algorithms rely on only one key, called as secret key.  Encryption and decryption are carried out with the help of the same key.  Symmetric cryptographic algorithms uses block cipher.  DES, 3DES and AES are some common examples of symmetric cryptographic algorithms Prepared by Saher H. Mohammed28

29  To accomplish encryption and decryption, most of the secret key algorithms uses two main techniques known as substitution and permutation.  Substitution is simply a mapping of one value to another value.  Permutation is a reordering of the bit positions for each of the inputs.  There techniques are used a number of times in iterations called rounds.  In general, the more rounds there are, the more secure the algorithm. Prepared by Saher H. Mohammed29

30  DES-Data Encryption Standard.  DES uses a block size of 64 bits; that means it accepts an input of 64 bits and produces an out of 64 bits.  DES uses the key of 56 bits.  The plain text is divided in block size of 64 bits. If the last block is less than 64 bits, extra pits are added. Prepared by Saher H. Mohammed30

31  DES performs permutation and substitution on each block for 16 times. It works in three stages. ◦ The algorithm accepts plaintext P, and performs initial permutation, IP, on P producing P 0.The block is then broken into left and right halves, the left ( L 0 ) begin first 32 bits of P 0 and the right begin the last 32 bits of P 0. ◦ With L 0 and R 0, 16 rounds are performed until L 16 and R 16 are generated. ◦ The inverse permutation IP -1, is applied to L 16 R 16 to produce ciphertext C. Prepared by Saher H. Mohammed31

32 Prepared by Saher H. Mohammed32

33  The effectiveness of DES depends on some key factors ◦ The secret key must be distributed over a secure channel. ◦ If weak keys are chosen, then the DES is vulnerable to attacks. ◦ If less than 16 rounds of permutations are substitution are used, then DES is vulnerable to attacks. Prepared by Saher H. Mohammed33

34  AES - Advance Encryption Standard.  AES can have key size of 128, 192, 256 bits.  Based on the size of the key, multiple rounds are performed. ◦ 128 bit key will require 9 rounds ◦ 192 bit key will require 11 rounds ◦ 256 bit key will require 13 rounds  AES requires an input plaintext of 128 bits, and produces a 128 bit block of ciphertext. Prepared by Saher H. Mohammed34

35  The following 4 steps are performed in every round. ◦ Byte sub: Each byte is replaced by its substitute. ◦ Shift row: Bytes are shifted are arranged. ◦ Mix column: Matrix multiplication is performed based upon the arrangement. ◦ Add round key: This round's sub-key is cored in. Prepared by Saher H. Mohammed35

Download ppt "Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as."

Similar presentations

Ads by Google