Cryptography
Cryptography is a collection of mathematical techniques to ensure confidentiality of information.
Encryption and Decryption
The process of scrambling a message with the help of a key is called encryption.
The process of unscrambling a message using an appropriate key is called decryption.
Keys are numbers or characters that are randomly generated.
Symmetric and Asymmetric Cryptography
Symmetric – the same key is used for encryption and decryption.
Asymmetric or Public Key Cryptography – a pair of public key and private key is used for encryption and decryption.
Pretty Good Privacy (PGP) – a popular cryptographic system.
Digital/Electronic Signatures
An electronic signature means any letters, numbers, symbols, images, characters or any combination thereof in electronic form applied to an electronic document.
Uses public key cryptography.
Ensures authenticity, integrity and non-repudiation.
Authenticity means the message is from a particular source/individual.
Integrity means the message has not been altered.
Non-repudiation means that the execution of the digital signature cannot be denied.
Electronic signature vs. hand-written signature
Digital Certificates
Establish whether or not a public key belongs to the purported owner.
Comprises a public key, certification information (name, ID etc.) and the electronic signature of a certification authority.
X.509 standard format.
Sample certificate:
Name: Jonathan Marshall
Public Key: 023917918729087395045273927
Date Issue: January 15, 2003
Date Expiry: January 15, 2005
Serial Number: 2345872364
We certify that the above information is true. Dues Certification Authority Inc.
Certification Authority (CA)
A trusted public/private body that attests the association of a particular individual with his/her corresponding public key.
Signs digital certificates with its private key.
Hierarchy of CAs.
Can issue different types of digital certificates attaching different levels of trust.
Hash Function & Message Digest
A hash function is a one-way mathematical function applied to a message.
The result of the hash function is unique to each message and is called the Message Digest.
A message digest is a single large number, typically between 128 and 256 bits in length.
[Diagram: The Process of Sending Messages Using Public Key Cryptography. The Original Message is scrambled with the Public Key of the receiver, travels across the Internet as a Scrambled+Signed Message, and is restored to the Original Message with the Private Key of the receiver.]
[Diagram: How Digital Signature Technology Works? Sender: a Hash of the message gives the Message Digest, which is signed with the Private Key of the sender. Receiver: the Public Key of the sender is used to reveal the Message Digest, which is compared with a fresh Hash of the received message.]
Steps Involved in Digital Signature Process
1. Hash function is applied to the original message in order to find the message digest.
2. Public Key of the receiver is used to encrypt the message.
3. A digital signature is attached to the scrambled message by signing the message digest with the Private Key of the sender.
4. The encrypted message, the digital signature and the hash function are sent to the receiver.
5. Public Key of the sender is used by the receiver to reveal the message digest and, thus, to confirm the identity/authenticity of the sender.
6. Receiver uses his/her Private Key to decrypt the message.
7. Receiver applies the hash function to the received original message and computes the message digest; if this message digest matches the one received from the sender, it confirms that the message has not been altered during transmission.
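As an added illustration of the seven steps above (example code, not from the original slides), the following Python walks one message through the sender side (steps 1-4) and the receiver side (steps 5-7) using textbook RSA on constructed, deliberately small and insecure demo keys; it also shows the failure case, where a tampered ciphertext or signature makes the step-7 comparison fail.

```python
import hashlib

# Constructed, insecure demo keys: fixed Mersenne primes so the example runs
# offline without a key generator. Real systems use random primes of 2048 bits
# or more and padded RSA (e.g. RSA-PSS / OAEP), never textbook RSA as here.
E = 65537

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (E, n), (d, n)

SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**127 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**607 - 1, 2**89 - 1)

def message_digest(message: bytes, hash_name: str) -> int:
    """Step 1 / step 7: one-way hash of the message, as an integer for RSA."""
    return int.from_bytes(hashlib.new(hash_name, message).digest(), "big")

def send(message: bytes, hash_name: str = "sha256"):
    """Steps 1-4: hash, encrypt for the receiver, sign the digest, send all three."""
    digest = message_digest(message, hash_name)                 # step 1
    e_r, n_r = RECEIVER_PUB
    m = int.from_bytes(message, "big")
    assert 0 < m < n_r, "textbook RSA: message must be smaller than the modulus"
    ciphertext = pow(m, e_r, n_r)                               # step 2
    d_s, n_s = SENDER_PRIV
    signature = pow(digest, d_s, n_s)                           # step 3
    return ciphertext, signature, hash_name                     # step 4

def receive(ciphertext: int, signature: int, hash_name: str):
    """Steps 5-7: reveal the digest, decrypt, rehash and compare. Returns (message, ok)."""
    if hash_name not in hashlib.algorithms_available:
        return None, False
    e_s, n_s = SENDER_PUB
    claimed_digest = pow(signature, e_s, n_s)                   # step 5
    d_r, n_r = RECEIVER_PRIV
    plain = pow(ciphertext, d_r, n_r)                           # step 6
    message = plain.to_bytes((plain.bit_length() + 7) // 8, "big")
    recomputed = message_digest(message, hash_name)             # step 7
    return message, recomputed == claimed_digest

if __name__ == "__main__":
    packet = send(b"Pay Jonathan Marshall $100")
    print(receive(*packet))          # (b'Pay Jonathan Marshall $100', True)
    c, s, h = packet
    print(receive(c + 1, s, h)[1])   # False: the ciphertext was tampered with
```

Because the message is carried as a bare integer, a message that begins with a zero byte would lose that byte on decryption; real protocols avoid this by encrypting a padded block or a symmetric key rather than the raw message.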
Public Key Infrastructure (PKI)
A structured system that provides key management facilities, storage and management facilities for digital certificates, and involves a certification authority.
Application of PKI
Online contracts
E-Banking – electronic payment systems such as electronic checks, credit card based systems, electronic cash, micro payment systems.
Key Length
A cryptographic key is represented as a string of binary digits (0's and 1's) inside a computer.
If a key is 1 bit in length it means two possible keys, that is, 0 and 1. If a key is 2 bits in length it means four possible key values: 00, 01, 10 and 11.
A key having 3 bits in length can have the values 000, 001, 010, 011, 100, 101, 110, 111.
Number of keys = 2^(number of bits)
Symmetric Key Algorithms
DES (Data Encryption Standard) – 56 bits
IDEA (International Data Encryption Algorithm) – 128 bits
RC2 (block cipher) – 1-2048 bits
RC4 (stream cipher) – 1-2048 bits
Rijndael – 128-256 bits
Attacks on Symmetric Key Algorithms
Key Search Attacks
Cryptanalysis
System-based Attacks
Attacks on Symmetric Key Algorithms (continued)
Key Search (Brute Force) Attacks – attempt to decrypt the message with every possible key.
The greater the key length, the more difficult it is to identify the key.
If there were a computer that could search a billion keys per second, and if you had a billion of these computers, it would still take 10783 billion years to search all possible 128-bit keys.
Attacks on Symmetric Key Algorithms (continued)
Cryptanalysis – encryption algorithms can be defeated by using a combination of sophisticated mathematics and computing power so that many encrypted messages can be deciphered without knowing the key.
System-Based Attacks – attack the cryptographic system that uses the cryptographic algorithm without actually attacking the algorithm itself.
Public Key Algorithms
DSS – Digital Signature Standard based on DSA (Digital Standard Algorithm) – key length is between 512-1024 bits.
RSA
developed in 1977 by three professors at MIT
provides the basis of existing digital signature technology
key may be of any length depending on the system
Elliptic Curves
Attacks on Public Key Algorithms
Key Search Attacks – these attacks attempt to derive a private key from its corresponding public key by factoring a large number.
Analytical Attacks – use some fundamental flaw in the mathematical problem on which the encryption system is based.