Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography, Authentication and Digital Signatures

Similar presentations


Presentation on theme: "Cryptography, Authentication and Digital Signatures"— Presentation transcript:

1 Cryptography, Authentication and Digital Signatures
Copyright © cs-tutorial.com

2 What is Security....? Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

3 Security in Distributed Systems
Security is by no means the least important principle of distributed system. Infact, it is one of the most difficult principles as security needs to be pervasive throughout a system. A single design flaw with respect to security may render all security measures useless.

4 Security in distributed systems can roughly be divided into two parts:-
One part concerns the communication between users or processes, possibly residing on different machines. Authorization, which deals with ensuring that a process gets only those access rights to the resources in a distributed system of which it is entitled to.

5 Attacks, Services and Mechanisms
Security Attack: Any action that compromises the security of information. Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

6 Security Attacks

7 Security Attacks Interruption: This is an attack on availability
Interception: This is an attack on confidentiality Modification: This is an attack on integrity Fabrication: This is an attack on authenticity. In fabrication an unauthorized party counterfeits an asset. Example:- an intruder may add records to an existing database.

8 Security Goals Confidentiality Integrity Avaliability

9 Confidentiality: ability to ensure that messages and data are available only to those authorized to view them. Encryption is used to achieve confidentiality. Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party. A Digital signature is commonly used to ensure data integrity.

10 Authenticity: ability to identify the identity of a person or entity with whom you are dealing on the Internet. Digital Certificate is employed to satisfy the authentication requirement. Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions.

11 Cryptography It is the art and science of achieving security by encoding messages to make them non-readable. Fundamental to security in distributed systems is the use of cryptographic techniques.

12 Encryption Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver Purpose: Secure stored information Secure information transmission Provides: Message integrity Nonrepudiation Authentication Confidentiality

13 cryptography plaintext encryption decryption fubswrjudskb ciphertext

14 Symmetric Key Encryption
Also known as secret key encryption. Both the sender and receiver use the same digital key to encrypt and decrypt message Requires a different set of keys for each transaction. Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits.

15 Symmetric Key Cryptography
plaintext encryption decryption fubswrjudskb ciphertext INTELLIGENCE PROBLEM (WWII): Alice wants to send a crypted message to Bob. They need to share the same key. Alice created a key, but how to let Bob know it?

16 KEY MAY BE INTERCEPTED!!!

17 The Key Distribution Problem
In general, there are two ways to pass a shared symmetric key between customer and merchant (M) :- First, customer X can obtain the shared symmetric key from M’s physical office. Merchant and customer can obtain the shared symmetric key from a trusted party (key distribution centre) through a secure channel. After establishing the first shared secret key, the merchant and the customer can also change the secret key regularly by encrypting the new key with the old key.

18 Symmetric Key Encryption Algorithm
Data Encryption Standard (DES):- encrypts 64-bit data blocks through many stages of transposition and substitution techniques, using a 56-bit encryption key. IDEA (International Data Encryption Algorithm) :- encrypts 64-bit data blocks with a 128-bit key.

19 Public Key Encryption Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner). Both keys are used to encrypt and decrypt message. Once key is used to encrypt message, same key cannot be used to decrypt message. For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it.

20 Asymmetrical Cryptography
plaintext encryption decryption public key private key fubswrjudskb ciphertext Asymmetrical Cryptography

21 Asymmetrical Cryptography makes it possible to use separate keys for encryption and decryption.
To exchange messages: - use public key to encrypt - use private key to decrypt

22 Public Key Cryptography
1. Bob creates a pair of different keys DECRYPTION KEY 2. Bob sends one of the keys to Alice ENCRYPTION KEY 4. But only Bob has the decryption key! 3. Everyone can get Bob’s public key and use it to encrypt a message

23 Public Key Cryptography – A Simple Case

24 Electronic Signature plaintext private key public key ciphertext
cryptography plaintext encryption decryption public key private key fubswrjudskb ciphertext Electronic Signature

25 Asymmetrical Cryptography makes it possible to use separate keys for encryption and decryption.
To exchange messages: - use public key to encrypt - use private key to decrypt To use electronic signature: - use private key to encrypt - use public key to decrypt

26 One application of cryptography in distributed systems is the use of hash functions.
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. A hash function H takes a message m of arbitrary length as input and produces a fixed size value h called message digest (MD).

27 Message digest Hash Function Message Message digest
MD is a fixed length (128 or 160 bit) summary of message One way: message cannot be recovered from MD

28 Requirements of a Message Digest
Given a message, it should be very easy to find its corresponding message digest. Given a message digest, it should be very difficult to find the original message for which the digest was created. Given any two messages, if we calculate their message digests, the two message digests must be different.

29 To sign a document, sender’s software will crunch down the message into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.) Sender then encrypts the message digest with his private key. The result is the digital signature.

30 Digital Signatures Digital signatures are one of the most important inventions of modern cryptography. A digital signature is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes uses two keys, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

31 Digital signatures serves the purpose of validation and authentication of electronic documents.
Validation refers to the process of certifying the contents of the document, while authentication refers to the process of certifying the sender of the document. The main difference from a handwritten signature is that digital signature of a message is intimately connected with the message, and for different messages is different, whereas the handwritten signature is adjoined to the message and always looks the same.

32 Digital Signatures are computed based on the message that need to be signed and some private information held only by the sender. In practice for creating digital signature, instead of using the whole message, a hash function is applied to the message to obtain the message digest which is encrypted with the creator’s private key.

33 Message Digest Digital Signature Encrypt with Sender’s Private Key

34 Digital Signatures

35 Digital Certificates

36 Conclusion Security plays an extremely important role in distributed systems. A distributed system should provide the mechanisms that allow a variety of different security policies to be enforced.

37 Thank You….


Download ppt "Cryptography, Authentication and Digital Signatures"

Similar presentations


Ads by Google