( Ch 73) Internet Security Digital certificate only authorised recipient can decrypt message Encryption - strong - weak Firewall.

1 Mazharjaved2001@yahoo.com ( Ch 73) Internet Security
–Digital certificate: only authorised recipient can decrypt message
–Encryption: strong, weak
–Firewall: protects network from external communications
–Virus spread and detection
–Data Protection Act: personal data must be kept secure
–Social and cultural issues: protect against pornography, paedophiles etc.

2 Encryption
“Encryption changes data so that it is meaningless to anyone who does not have a key to unscramble it.” Or: “Encryption is the scrambling of data so that it becomes very difficult to unscramble and interpret.”
Scrambled data is called ciphertext. Unscrambled data is called plaintext.
Decryption: “Unscrambling ciphertext back to the original plaintext is called decryption.”
For example, “Hello” might be changed to “2kdi&k4”. After you encrypt data, only you and the people you choose can decrypt (unscramble) the information to make it readable again.
Data encryption is performed by the use of a cryptographic algorithm and a key. The algorithm uses the key to scramble and unscramble data. Ideally the algorithm should be made public, whilst the key remains private.

3 Strong and Weak Encryption
Encryption cannot make unauthorised decryption impossible, just more improbable. With unlimited time and processing power all cryptosystems could be broken. The purpose of encryption is to make it as unlikely as possible that ciphertext could be broken within a period of time during which the contents should remain secret.
Strong encryption
–Encryption methods that cannot be cracked by brute force (in a reasonable period of time).
–Strong encryption implies that it is impossible to discover the key within the lifetime of a secret.
–Currently any key length of above 56 bits is considered strong encryption.
–The world's fastest computer needs thousands of years to compute a key.
For governments and law enforcement agencies strong encryption is a concern (terrorism, organised crime etc.). Many would like to ban its use unless there were agreements that law enforcement agencies could get hold of the keys, either through a legal framework or by having a decryption code lodged with a Trusted Third Party (TTP).
Weak encryption
–A code that can be broken in a practical time frame.
–Less than 56-bit encryption.
Keyspace
–The longer the key, the greater the range of possible values it can have. This is called the keyspace.
–The greater the keyspace, the more difficult it is for someone to discover the correct key.

4 Cryptography
Cryptography is the practice and study of hiding information. Computer passwords and electronic commerce all depend on cryptography.
Cryptographic algorithms:
–Message-digest algorithms: map variable-length plaintext to fixed-length ciphertext.
–Secret-key algorithms: use one single key to encrypt and decrypt.
–Public-key algorithms: use 2 different keys, a public key and a private key.

5 Cryptography working

6 Keys
A key is a variable value that is used by cryptographic algorithms to produce encrypted text, or to decrypt encrypted text. The length of the key reflects the difficulty of decrypting the encrypted message.
[Diagram labels: Encryption, Decryption, Plaintext, Ciphertext, Key]

7 Secret-key Encryption
–Use a secret key to encrypt a message into ciphertext.
–Use the same key to decrypt the ciphertext to the original message.
–Also called “symmetric cryptography”.
[Diagram labels: Encryption, Decryption, Plaintext, Ciphertext, Secret Key]

8 Secret Key How to?
Encryption: Original Text + Secret key = Encrypted Text
Decryption: Encrypted Text + Secret key = Original Text

9 Secret-Key Problem?
–All keys need to be replaced if one key is compromised.
–Not practical for the Internet environment.
–On the other hand, the encryption speed is fast.
–Suitable to encrypt your personal data.

10 Public-key Encryption
–Involves 2 distinct keys: public and private.
–The private key is kept secret and never made public, and it is password protected (passphrase).
–The public key is not secret and can be freely distributed and shared with anyone.
–It is also called “asymmetric cryptography”.
–The two keys are mathematically related, but it is infeasible to derive the private key from the public key.
–100 to 1000 times slower than secret-key algorithms.
[Diagram labels: Encryption, Decryption, Plaintext, Ciphertext, Public Key, Private Key]

11 Public-Private Encryption
First, create a public and a private key.
–Private key: stored in your personal computer.
–Public key: stored in the Public Key Directory.

12 Message Encryption (User A sends message to User B)
[Diagram labels: Public Key Directory, Text, User A, User B’s Public Key, Encryption, Encrypted Text]

13 Message Encryption
[Diagram labels: Original Message, Encrypted Message]

14 Transfer Encrypted Data
[Diagram labels: User A, Encrypted Text, Insecure Channel, Encrypted Text, User B]

15 Decryption with your Private key
The private key is stored in your personal computer.
[Diagram labels: Encrypted Text, User B’s Private key, Decryption, Original Text, User B]

16 Digital Signature
A digital signature can be used in all electronic communications:
–Web, e-mail, e-commerce
It is an electronic stamp or seal that is appended to the document. It ensures that the document is unchanged during transmission.
It is generated by taking a mathematical summary of the document concerned (a hash code). This is transmitted with the message. Because this code is generated from the entire document, in the right sequence, any changes to the document will mean the code is changed, and this will be picked up by the receiver.
When downloading software: digital signatures can also offer protection from viruses which can be downloaded with Java applets. Programmers sign a program by attaching their digital signature to it. If a program is signed, i.e. traceable, it is theoretically less likely to contain a virus.

17 How digital Signature works?
–User A uses A’s private key to sign the document.
–The document is transmitted via the Internet.
–User B receives the document with the signature attached.
–User B verifies the signature with A’s public key stored at the directory.

18 Digital Signature

19 Message-Digest How to
A hash function is a mathematical function that creates a message digest from a message. A message digest is used to create a unique digital signature from a particular document.
[Diagram labels: Original Message (Document, E-mail), Hash Function, Digest]

20 Message-Digest Algorithms
–It maps a variable-length input message to a fixed-length output digest.
–It is not feasible to determine the original message based on its digest.
–It is impossible to find an arbitrary message that has a desired digest.
–It is infeasible to find two messages that have the same digest.

21 Message-Digest How to
A hash function is a mathematical function that creates a message digest from a message. A message digest is used to create a unique digital signature from a particular document.
MD5 example
[Diagram labels: Original Message (Document, E-mail), Hash Function, Digest]
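
Added example (not part of the original slides): the sign-and-verify flow of slides 16 to 21 in Python, using SHA-256 as the hash function rather than the MD5 named on the slide, because MD5 collisions are practical to produce. The key is a textbook RSA pair built from two small, well-known primes with no padding, and the function names and sample documents are assumptions made for illustration; real signatures come from a vetted library with keys of 2048 bits or more.

```python
import hashlib

# Toy RSA key pair (illustration only): two well-known Mersenne primes.
# A modulus this small can be factored quickly and no padding is applied.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """Hash the whole message and reduce the digest into the range of N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """User A: transform the message digest with A's private key."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """User B: recompute the digest and compare it with the value
    recovered from the signature using A's public key."""
    return pow(signature, e, n) == digest_int(message)


def demo() -> dict:
    original = b"Pay Bob 100 pounds"    # constructed sample document
    tampered = b"Pay Bob 900 pounds"    # one character changed in transit
    sig = sign(original)
    return {
        "original_ok": verify(original, sig),
        "tampered_ok": verify(tampered, sig),
        "digests_differ": hashlib.sha256(original).digest()
        != hashlib.sha256(tampered).digest(),
    }


if __name__ == "__main__":
    print(demo())
```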

22 Digital certificate
“Digital certificates are used to encrypt e-mail to stop unauthorised users reading confidential information, such as credit card details.”
The certificate comes in 2 parts: a public and a private key. Anyone can know the public key. To enable someone to send you an encrypted message you must send them your public key, which they must use to send you the message. You can then use the private key to decrypt the message.
A digital certificate is data with a digital signature from one trusted Certification Authority (CA), a trusted agent who certifies public keys for general use (corporation or bank).
–User has to decide which CAs can be trusted.
This data contains:
–Who owns this certificate
–Who signed this certificate
–The expiry date
–User name & email address

23 Digital Certificate

24 Factoring
In many instances the strength of modern encryption systems relies on the fact that it is difficult to factor large numbers. If two large (200 digit) prime numbers are multiplied together, it would take years of computer processing to deduce the original prime numbers from the product. This process is known as factoring: attempting to find the two prime factors of the product.

25 Firewall
A firewall is a program that prevents outsiders from accessing an organization’s internal data. It runs on a dedicated computer.
A firewall typically consists of a PC or server containing two network interface cards (NICs) and running a special firewall program. One card connects to the LAN and the other to the Internet. The machine acts as a barrier for all information passing through it.
The firewall software analyses each packet of information and rejects it if it does not conform to a preconfigured rule. This can also block particular machines which are unauthorised.
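
Added example (not part of the original slides): a small Python model of the packet check described on slide 25, with one rule list shared by the two NICs, a rule that blocks one particular machine, and rejection of any packet that matches no rule. The class names, interface labels, rules and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str        # NIC the packet arrived on: "internet" or "lan"
    src_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str               # "accept" or "reject"
    iface: str                # NIC the rule applies to
    src_net: str              # source network in CIDR form
    dst_port: Optional[int]   # None matches any port

# Constructed rule set; public addresses are from documentation ranges.
RULES = [
    Rule("reject", "internet", "203.0.113.66/32", None),  # one blocked machine
    Rule("accept", "internet", "0.0.0.0/0", 443),         # HTTPS from anywhere
    Rule("accept", "lan", "192.168.1.0/24", None),        # LAN hosts may go out
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; reject by default."""
    try:
        src = ipaddress.ip_address(pkt.src_ip)
    except ValueError:
        return "reject"                  # malformed source never passes
    for rule in rules:
        if (rule.iface == pkt.iface
                and src in ipaddress.ip_network(rule.src_net)
                and rule.dst_port in (None, pkt.dst_port)):
            return rule.action
    return "reject"                      # no rule matched: default deny

def demo() -> list:
    packets = [                          # constructed sample traffic
        Packet("internet", "198.51.100.7", 443),   # allowed service
        Packet("internet", "203.0.113.66", 443),   # blocked machine
        Packet("internet", "198.51.100.7", 23),    # no rule for this port
        Packet("lan", "192.168.1.20", 80),         # outbound from LAN
        Packet("internet", "192.168.1.20", 80),    # LAN address on wrong NIC
    ]
    return [filter_packet(p) for p in packets]
```

The last sample packet shows why rules are tied to a NIC: a LAN source address arriving on the Internet-facing card matches no rule and is rejected.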

26 MAC Filtering
MAC (Media Access Control) filtering is another common way of preventing unauthorised access. Each machine has a unique MAC address such as 00-0A-C4-16-35-D6. Machines not within the defined MAC-address range would be denied access to the system.

27 Virus Spread and Detection
When you download a file from the Internet, you can use virus detection software to make sure the file is virus-free before you run it. It is important to keep all anti-virus software up-to-date, as this changes to combat new viruses.
Be aware that some sites automatically send a program to your computer and run it before you get a chance to check it!
You can search the Internet and find lots of stories about virus threats and horror stories.

28 Social and Cultural Issues
The Internet cuts across cultural and social boundaries and, although it has many positive effects, it also causes many problems. Conventional authorities such as Customs and Excise, Inland Revenue and the Police have little control over what people are allowed to buy, see or do on the Internet. This has positive aspects such as freedom of speech and the ability to communicate with others, but criminals can abuse this, using encryption for criminal activities, racist web sites etc.
Legal systems in most countries are a long way behind the current pace of technological change, and the police do not have the manpower and are short of expertise in this area. However, in recent years there has been a move to increase international cooperation, which has resulted in some high-profile court cases and arrests.
Software solutions for some of the problems are available, including filtering software such as NetNanny or SurfControl.

