Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Published byNaomi Atkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?"— Presentation transcript:

1 Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption? What is symmetric key encryption? UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 Introduction to Operating Systems Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau

2 Motivation Scenario: Communicate between two endpoints over unprotected channel (e.g., network) Others can eavesdrop on channel Others can inject messages on channel Goals Provide secure communication –No one can understand message contents Provide authentication –Establish identify of sender –Ensure that message contents are not altered

3 Encryption Mechanism Convert data to form that does not make sense to others Terminology Clear text (plain text): Initial readable text that needs protection Cipher text: Encrypted version of clear text Steps Sender: Encrypt clear text to cipher text – Apply function with encryption key to clear text Cipher text can be stored in readable file or transmitted over unprotected channels Receiver: Decrypt cipher text to clear text –Apply function with decryption key to cipher text Based on factoring very large numbers (product of two primes)

4 Necessary Conditions 1) Decryption function or key remains secret If encryption and decryption keys are identical, cannot leak either key 2) Encryption function cannot be easily inverted 3) Encryption and decryption must be done is safe place Trusted Computing Base (TCB) Clear text must never be leaked outside of TCB

5 Public Key Encryption RSA algorithm (Rivest, Shamir, Adleman) Two keys for every user Public key: Known by everyone Secret (private) key: Known only by user Requirements Cannot derive one from knowing the other Public and secret keys are inverses of each other –Encode with secret key of A --> decode with public key of A {{Msg} SA } PA --> Msg –Encode with public key of A --> decode with secret key of A {{Msg} PA } SA --> Msg

6 Security with Public Keys Secure communication: Ensure that no one can read content of messages Example: A sends Msg to B A->B: {Msg} PB B can decode {Msg} PB with SB No one else but B can decode Msg Anyone can send messages to B

7 Authentication with Public Keys Authentication: Reliably identify the sender of a message Example: A sends to B; B must know A sent message A->B: {Msg} SA B can decode {Msg} SA with PA No one else but A could have encoded a valid message Use for electronic signatures Provides positive identification Example: “I agree to pay Mary $100 per year for life” If message can be decrypted with your public key, then written by you Anyone can verify author of message

8 Security and Authentication with Public Keys Require both security and authentication, then combine both strategies Example: A sends a message to B that only B can read; B knows that only A could have created message A->B: {{Msg} PB } SA B: How does it decode {{Msg} PB } SA to get {Msg} PB ? B: How does B decode {Msg} PB to get Msg? Would A->B: {{Msg} SA } PB work?

9 Example with Public Keys How to encrypt message given following requirements: All communication channels are insecure Three parties involved –P (professor): Original sender of message –S (student): intermediary of message –E (employer): final receiver of message 1) Only E can read message 2) E must know that the message was written by P 3) Message must pass through S before getting to E –P ensures that S gives approval How?

10 Potential Limitations of Encryption How do you trust public keys? You hear “A’s public key is K” Problem: Who said this? What if K is really C’s public key? Solution: Authentication Server (AS) everyone trusts Everyone knows public key of authentication server (PAS) AS->B: {Public key of A is PA} SAS B decodes with PAS and know only AS could have sent message Used by HTTPS and Secure Socket Layer (SSL) Certificate from server A –{AS, A, PA, time} SAS

11 More Problems with Encryption Eavesdroppers can replay old messages Replaying can confuse parties or cause unwanted behavior (even though eavesdropper doesn’t know what they are replaying) Solution: Sequence numbers (nonces) or timestamps in messages Relatively slow to encode and decode messages Single private key is faster

12 Symmetric Key Encryption Also called Single key or Private key encryption Example: Advanced Encryption Standard (AES), Data Encryption Standard (DES) Idea: Associate conversation key (CK) with session between two users Same key used for both encoding and decoding {{Msg} CK } CK --> Msg Problem: How do you exchange conversation key? Cannot send private key over insecure channel! Example: A wants to talk securely with B, B must authenticate A is sender (do not worry about replay attacks) Simplified Solution #1: Use public key encryption to exchange session key –A->B: {A, {CK} SA } PB

13 Exchanging Conversation Keys Solution #2 Each user has private key, Ki Authentication server knows private keys of all users Simplified algorithm: A asks authentication server for a CK with B –A->AS: B AS replies with new conversation key, CK –AS->A: {CK, {A,CK} KB } KA –If decrypted msg makes sense, only AS could have sent –Only A can decrypt message and get CK A sends message to B telling it CK –A->B: {A,CK} KB –No one could modify message to change name of sender from A Who can listen to conversation?

14 Secure Signatures Problem: How to know if binary file is modified in transit? Could encrypt entire file, but slow if not concerned with eavesdropping Solution: Secure checksum, message digest, digital fingerprint Function(Msg) --> large integer (e.g., 1024 bits) Difficult for adversary to find another msg that maps to same integer Example: A sends file to B A calculates checksum of file; ask AS to encrypt A sends file and encrypted checksum to B B receives file and computes checksum B ask AS to decode encrypted checksum so it can compare

15 Encryption Safety How safe is encryption? Can private keys be found? Crack with brute force guessing, use many machines –Look for understandable text in decoded version Safety depends on length of keys –DES 56 bit keys --> 2 56 possible keys Cracked in < 24 hours –AES has 128 bit keys Solutions Upgrade encryption (key length) as machines become faster Remove known patterns from clear text –(e.g., compress text first) Do not send large amounts of data with same key –Change keys frequently

Download ppt "Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?"

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Cryptographic Technologies

Cryptographic Technologies
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.

Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.

Similar presentations

Ads by Google