Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20111 Module 3 Encryption Protocols and Practices  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Published byGwendoline York Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20111 Module 3 Encryption Protocols and Practices  MModified by :Ahmad Al Ghoul  PPhiladelphia."— Presentation transcript:

1 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20111 Module 3 Encryption Protocols and Practices  MModified by :Ahmad Al Ghoul  PPhiladelphia University  FFaculty Of Administrative & Financial Sciences  BBusiness Networking & System Management Department  RRoom Number 32406  EE-mail Address: ahmad4_2_69@hotmail.com

2 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20112 Objectives  Definition of Prtocol.  Types Of Protocols.  Key Distribution.  Digital Signature.  Key Escrow.  Voting By Computer.  Oblivious Transfer.  Certified Mail.

3 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20113 Definition of Protocols  Definition of Protocols –A protocol is an orderly sequence of steps two or more parties take to accomplish some task  A good protocol has the following  Characteristics –Established in advance: the protocol is completely designed before it is used. –Mutually subscribed: all parties to the protocol agree to follow its steps, in order. –Unambiguous: no party can fail to follow a step properly because the party has misunderstand the step. –Complete: for every situation that can occur there is a prescribed action to be taken.

4 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20114 Protocols  Protocols are also used in computer- to – computer communication. A computer needs to know when to “speak”, when to “listen”, with whom it is communicating, whether it has received all of a particular communication, and so forth. In a two- computer communication, both computers must follow the same protocol in order for either to participate.

5 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20115 Kinds of Protocols  Certain task, such as negotiating contracts, voting, distributing information, are simple human activities. However, many of these tasks depend on a witness to ensure fairness.  We must develop protocols by which two suspicious parties can interact with each other and be convinced of fairness.

6 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20116 Kinds of Protocols  Process vs. Mechanism –protocols separate the process of accomplishing a task from the mechanism by which it is done –a protocol specifies only the rules of behavior we verify the correctness of the process at a high level –after becoming convinced of the correctness of the design, we implement the protocol using some mechanism using some particular language or encryption system we need only verify that the mechanism correctly reflects the design we can later change the implementation without affecting the design

7 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20117 Kinds of Protocols  Fairness –in order to use computers more effectively, we must develop protocols by which two suspicious parties can interact with each other and be convinced of fairness  Types of Protocols –Arbitrated Protocols –Adjudicated Protocols –Self-Enforcing Protocols

8 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20118 Types of Protocols  Arbitrated Protocols  In a computer protocol arbiter is a trustworthy third party who ensures fairness. The arbiter might be a person, a program, or a machine. For example, in a network an arbiter might be a program running on one machine of the network. The program receives and forwards messages between users. The user trust that when the arbiter forwards a message saying it comes from A, the message really did come from user A.the notion of an arbiter is the basis for type of secure protocol called an arbitrated protocol.

9 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20119 Arbitrated Protocols disadvantages  1- The two sides may not be able to find a neutral third party that both sides trust. Suspicious users are rightfully suspicious of unknown arbiter in a network.  2- Maintaining the availability of an arbiter represents a cost to the users or the network ; that cost may be high.  3- Arbitration causes a time delay in communication because a third party must receive, act on, and then forward every transaction.  4- If the arbitration service is heavily used, it may become a bottleneck in the network as many users try to access a single arbiter.  5- Secrecy becomes vulnerable, because the arbiter has access to much sensitive information.

10 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201110 Types of Protocols  Adjudicated Protocols Its disinterested third party to judge fairness based on evidences. Not only can a third party determine whether two parties acted fairly, that is, within the rules of the protocol, but third party can also determine who cheated. Adjudicated protocols involve the services of a third party only in case of a dispute. Therefore, they are usually less costly, in terms of machine time or access to a trusted third party software judge, than arbitrated protocols. However, adjudicated protocols detect a failure to cooperate only after the failure has occurred

11 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201111 Types of Protocols  Self-Enforcing Protocols Is one that guarantees fairness. If either party tries to cheat, that fact becomes evident to the other party. No outsider is needed to ensure fairness.

12 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201112 Kinds of Protocols

13 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201113 Protocols to Solve Problems  When two humans interact directly, they do so differently than if there is a computer between them. Although there may be differences in the approach, we want to devise protocols for the automated environment by which people can carry out everyday tasks.  The following problems will be considered  Voting by Computer  Oblivious Transfer  Contract Signing  Certified Mail

14 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201114 Digital Signature  A digital signature is a protocol that produces the same effect as a real signature –two primary conditions Unforgeable: if a person P signs message M with signature S(P,M), it is impossible for anyone else to produce the pair [M,S(P,M)] Authentic: if a person R receives the pair [M,S(P,M)] each one from P, R can check that the signature is really from P. only P could have created this signature, and the signature is firmly attached to M

15 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201115 Digital Signature –two desirable conditions not alterable:after being transmitted, M cannot be changed by S,R, or an interceptor. not reusable: a pervious message presented will instantly detected by R

16 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201116 Cryptography  Why? –The word cryptography comes from the Greek: Kruptos which means hidden Graphien which means to write –Cryptography is the art of encoding data by means of the encryption process. –To satisfy the following needs: Authentication Confidentiality Integrity Non-repudiation

17 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201117 Cryptography  A few definitions (cont’d)! –Encryption Algorithm: A series of operations used to encrypt and decrypt data –Encryption Key: A sequence of symbols used by the encryption algorithm when data encryption and decryption takes place. Without it, it is impossible to return to plaintext. –Cryptology: Cryptology is a mathematical science comprising two streams: cryptography and cryptanalysis. –Cryptanalysis: The opposite of cryptography, cryptanalysis seeks weaknesses in order to decrypt ciphertext.

18 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201118 Cryptography –Regular text algorithm crypto-text Algorithm only –Secret and vulnerable algorithm Algorithm + key = lock –Public algorithm remains secure. –The key is the key to the secret. Plaintext Algorithm Ciphertext Encryption key

19 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201119 Cryptography  Limitations of the public key –Keys that are shorter than 512 bits (154 digits) are not secure –1,024 is ideal (308 digits) –Keys can be distributed or reset on a public key server –Key authentication is necessary

20 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201120

21 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201121 Cryptography  Examples of encryption algorithms… –Asymmetrical: (or public key) RSA ElGamal DSA –Symmetrical: (or secret key) DES and triple DES (3DES) IDEA RC-4, RC-5, RC-6 AES

22 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201122 Cryptography  Digital signatures  Objective: to ensure the integrity of the data and the authentication of the message  Characteristics: authentic, unalterable, cannot be re- used or copied –The signature is a cryptography. –The signature is different every time. –Operates in the same manner as encrypted public keys

23 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201123 Cryptography  Key management  … involves five major steps: –Generates keys that are difficult to crack –Distributes them in a secure manner –Certifies that they are usable –Protects them at the time of their use –Revokes them when they are compromised

24 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201124 Cryptography  Key management –Generates keys that are difficult to crack = 000000000000000000000...

25 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201125

26 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201126 Cryptography  Key management –Certifies that they are usable –Protects them at the time of their use –Revokes them when they are compromised

27 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201127 Cryptography  Secret key management KDC computer pirate shared key shared key shared key shared key shared key

28 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201128 Cryptography  Digital certificates –Digital certificates are electronic folders containing the public key and information on the user as well as the CA’s signature. –The following information is found on a X.509 certificate: The certificate’s version number The certificate’s serial number The algorithm used to sign the certificate The certificate’s issuer The certificate’s retention period The public key issuer Information on the public key Extensions introduced by versions 2 and 3 The issuer’s digital signature

29 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201129 Symmetric Key Digital Signature (1)  With a private key encryption system the secrecy of the key guarantees the authenticity of the massage, as well as its secrecy.  Symmetric key encryption doesn't prevent forgery, the receiving party can create an identical message, because it has the same key, so there is no protection against the repudiation ( denial of sending a message ).  To solve this problem, there must be trusted third party A

30 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201130 Symmetric Key Digital Signature(2)  Symmetric Key Digital Signature –using arbiter, A S(sender) share a secret key with A R(receiver) share a secret key with A –using symmetric encryption –protocol : SKDS-1 arbiter S R

31 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201131 Digital Signature without Encryption(1)  If S and R are not concerned with secrecy, they can agree on a cryptographic sealing to use as a signature, the seal is a stamp, mark to prove the authenticity. A sealing function is a mathematical function affected by every bit of its input.  Suppose S and R have each registered a personal sealing function with arbiter  Let fs and fR be these two functions.  S sends M and fs(m) to A.  A also computes fs(M) from the copy of M received from S.  If two values match the massage is authenticated.  A sends M, s, fs(m), and fR((M,S)) to R.  R cannot interrupt fs(M) but can use it as evidence that S sent M.

32 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201132 Digital Signature without Encryption(2)  Digital Signature without Encryption –using arbiter, A –using cryptographic sealing function: e.g. keying hash function like HMAC-SHA –protocol : SKDS-2 arbiter S R

33 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201133 Digital Signature without Encryption(3)  Preventing Reuse or Alternation –SKDS-1 and SKDS-2 satisfy two primary conditions for digital signature: unforgeable and authentic –do not satisfy two desirable conditions for digital signature: not alterable and not reusable –solution not reusable : use time stamp not alterable : make each piece depend on time stamp

34 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201134  Preventing Reuse or Alternation

35 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201135 Digital signature Paul Plain text Signature Plaintext Simon private key Simon public key Sign Verify Verifies? Yes, NO Simon

36 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201136  Public key solution is much less cumbersome than the single key solution  One disadvantage is that the message is authentic but not private (as everyone can decrypt with the public key)  This can be overcome by using two encryption –in the first you encrypt the message with the public key of the recipient - the message can be read only by the recipient - it is private - confidentiality is provided –in the second (the envelope) you encrypt the encrypted message with your secret key - the message was sent only by you as only you know your private key - the message is authentic

37 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201137

38 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201138 Cryptography  Hashing functions MD5  Produces a 128-bit checksum  Processes incoming data in blocks of 512 bits (16 32-bit blocks)  4 repetitions of 16 operations  The result is 4 32-bit blocks SHA  Produces a 160-bit checksum  Processes incoming data in blocks of 512 bits (16 32-bit blocks–> 80 32-bit blocks)  4 repetitions of 20 operations  The result is 5 32-bit blocks

39 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201139

40 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201140 Hash Function Requirements A hash function H must have the following properties: 3 H can be applied to a block of data of any size 3 H produces a fixed-length output 3 H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical 3 For any given code h, it is computationally infeasible to find x such that h(x)=h 3 For any given block x, it is computationally infeasible to find y  x with h(y)=h(x) 3 It is computationally infeasible to find any pair (x, y) such that h(x)=h(y)

41 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201141 Message Authentication Using a One- way Hash Function (1) H H E D Message Compare K K Using conventional encryption AB

42 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201142 Message Authentication Using a One- way Hash Function (2) H H E D Message Compar e K private K public Using public-key encryption (Digital Signature) AB

43 Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-201143 Report  Discus one of these topics  1- man in middle attack.  2- (RSA)Rivest, Shamir, and Adleman, A method for obtaining digital signatures and public-key cryptosystems.  3-Brute force attack.

Download ppt "Network Security Philadelphia UniversityAhmad Al- Ghoul 2010-20111 Module 3 Encryption Protocols and Practices  MModified by :Ahmad Al Ghoul  PPhiladelphia."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google