
1

Cryptography

Cryptography is a collection of mathematical techniques to ensure confidentiality of information

Encryption and Decryption

The process of scrambling a message with the help of a key is called encryption

The process of unscrambling a message using an appropriate key is called decryption

Keys are numbers or characters that are randomly generated

Symmetric and Asymmetric cryptography

Symmetric – the same key is used for encryption and decryption

Asymmetric or Public Key Cryptography – a pair of keys, a public key and a private key, is used for encryption and decryption

Pretty Good Privacy (PGP) – a popular cryptographic system


2

Digital/Electronic Signatures

An electronic signature means any letters, numbers, symbols, images, characters or any combination thereof in electronic form applied to an electronic document

Uses public key cryptography

Ensures authenticity, integrity and non-repudiation

Authenticity means the message is from a particular source/individual

Integrity means the message has not been altered

Non-repudiation means that the execution of the digital signature cannot be denied

Electronic signature vs. handwritten signature


3

Digital Certificates

Establish whether or not a public key belongs to the purported owner

Comprises a public key, certification information (name, ID etc.) and the electronic signature of a certification authority

X.509 standard format


4

Sample digital certificate

Name: Jonathan Marshall
Public Key: 023917918729087395045273927
Date Issue: January 15, 2003
Date Expiry: January 15, 2005
Serial Number: 2345872364

We certify that the above information is true. Dues Certification Authority Inc.


5

Certification Authority (CA)

A trusted public/private body that attests the association of a particular individual with his/her corresponding public key

Signs digital certificates with its private key

Hierarchy of CAs

Can issue different types of digital certificates attaching different levels of trust
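To make the certificate and CA slides concrete, here is an added Go example (not code from the slides) that plays the role of the certification authority with the standard library's crypto/x509: a self-signed root CA certificate is created, the CA signs an X.509 certificate binding the sample subject's name to a public key, and the receiver verifies that certificate against the one CA it trusts. The function names, the "Unknown CA" counter-example and the validity window are constructed for this example; the subject name, CA name and serial number are taken from the sample certificate slide.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mustIssue returns a certificate binding subject to pub, signed with issuerKey; with parent == nil it is self-signed, which is how a root CA certificate is made.
func mustIssue(subject string, serial int64, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, issuerKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject}, // the "certification information"
		NotBefore:             time.Now().Add(-time.Hour),     // constructed validity window
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign // a CA key is used to sign certificates
	}
	if parent == nil {
		parent = tmpl // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER from CreateCertificate always parses
	return cert
}

// CertDemo builds a trusted root CA and has it certify Jonathan Marshall's public key, then has an unknown CA certify the same key and name; it returns whether the first certificate verifies and whether the second is rejected.
func CertDemo() (trustedOK, rogueRejected bool) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	userKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ca := mustIssue("Dues Certification Authority Inc.", 1, true, &caKey.PublicKey, nil, caKey)
	rogue := mustIssue("Unknown CA", 2, true, &rogueKey.PublicKey, nil, rogueKey)
	good := mustIssue("Jonathan Marshall", 2345872364, false, &userKey.PublicKey, ca, caKey)
	bad := mustIssue("Jonathan Marshall", 2345872364, false, &userKey.PublicKey, rogue, rogueKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca) // only Dues CA is trusted by the verifier
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, goodErr := good.Verify(opts)
	_, badErr := bad.Verify(opts)
	return goodErr == nil, badErr != nil
}
```

The second certificate carries the same name and key but fails verification because its signer is not in the trusted root set, which is exactly what "establish whether a public key belongs to the purported owner" relies on.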


6

Hash Function & Message Digest

A hash function is a one-way mathematical function applied to a message

The result of the hash function is unique to each message and is called the Message Digest

A message digest is a single large number, typically between 128 and 256 bits in length


7

Diagram: The Process of Sending Messages Using Public Key Cryptography / How Digital Signature Technology Works?

Sender: Original Message -> Hash -> Message Digest signed with the Private Key of the sender; Original Message scrambled with the Public Key of the receiver; Scrambled+Signed Message sent over the Internet

Receiver: Public Key of the sender reveals the Message Digest; Private Key of the receiver unscrambles the Original Message; Hash recomputed over the Original Message


8

Steps Involved in Digital Signature Process

1. Hash function is applied to the original message in order to find the message digest
2. Public Key of the receiver is used to encrypt the message
3. A digital signature is attached to the scrambled message by signing the message digest with the Private Key of the sender
4. The encrypted message, the digital signature and the hash function are sent to the receiver
5. Public Key of the sender is used by the receiver to reveal the message digest and, thus, to confirm the identity/authenticity of the sender
6. Receiver uses his/her Private Key to decrypt the message
7. Receiver applies the hash function to the received original message and computes the message digest – if this message digest matches the one received from the sender, it confirms that the message has not been altered during transmission
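The seven steps above, together with the sender/receiver diagram before them, as an added Go example (not code from the slides): SHA-256 is the agreed hash function, RSA-OAEP plays the role of encrypting with the receiver's public key, and RSA PKCS#1 v1.5 signing plays the role of signing the digest with the sender's private key. Send covers steps 1 to 4 and Receive covers steps 5 to 7; the function names, the message and the tampering in EnvelopeDemo are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Send runs steps 1-4 and returns what travels: the scrambled message and the signature over its digest.
func Send(msg []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (ct, sig []byte, err error) {
	digest := sha256.Sum256(msg) // step 1: hash the original message
	// step 2: scramble the message with the receiver's public key (OAEP padding)
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, msg, nil)
	if err != nil {
		return nil, nil, err
	}
	// step 3: sign the digest with the sender's private key; step 4: ship both
	sig, err = rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:])
	return ct, sig, err
}

// Receive runs steps 5-7; the hash function (SHA-256 here) is agreed in advance.
func Receive(ct, sig []byte, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	// step 6: unscramble with the receiver's private key
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, receiverPriv, ct, nil)
	if err != nil {
		return nil, err
	}
	// steps 5 and 7: recompute the digest and compare it with the one the sender's public key recovers from the signature
	digest := sha256.Sum256(msg)
	if rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("digest mismatch: message altered or not from this sender")
	}
	return msg, nil
}
// EnvelopeDemo round-trips msg between two fresh key pairs, then corrupts the signature in transit (constructed tampering) and reports whether Receive caught it.
func EnvelopeDemo(msg string) (recovered string, tamperDetected bool) {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	receiver, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, sig, _ := Send([]byte(msg), sender, &receiver.PublicKey)
	got, err := Receive(ct, sig, receiver, &sender.PublicKey)
	if err != nil {
		return "", false
	}
	sig[0] ^= 0xff
	_, tampErr := Receive(ct, sig, receiver, &sender.PublicKey)
	return string(got), tampErr != nil
}
```

With the standard-library signature API, step 5 (revealing the digest with the sender's public key) and the comparison in step 7 happen inside one verify call, so a message that was altered or signed by someone else is rejected at the same point.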


9

Public Key Infrastructure (PKI)

A structured system that provides key management facilities, storage and management facilities of digital certificates and involves a certification authority

Application of PKI

Online contracts

E-Banking – electronic payment systems such as electronic checks, credit card based systems, electronic cash, micro payment systems


10

Key Length

A cryptographic key is represented as a string of binary digits – 0's & 1's – inside a computer

If a key is 1 bit in length it means two possible keys, that is, 0 and 1. If a key is 2 bits in length it means four possible key values: 00, 01, 10 and 11

A key 3 bits in length can have the values 000, 001, 010, 011, 100, 101, 110, 111

Number of keys = 2^(number of bits)


11

Symmetric Key Algorithms

DES (Data Encryption Standard) – 56 bits

IDEA (International Data Encryption Algorithm) – 128 bits

RC2 (block cipher) – 1-2048 bits

RC4 (stream cipher) – 1-2048 bits

Rijndael – 128-256 bits


12

Attacks on Symmetric Key Algorithms

Key Search Attacks

Cryptanalysis

System-based Attacks


13

Attacks on Symmetric Key Algorithms…

Key Search (Brute Force) Attacks – attempt to decrypt the message with every possible key

The greater the key length, the more difficult it is to identify the key

If there were a computer that could search a billion keys per second, and if you had a billion of these computers, it would still take 10783 billion years to search all possible 128 bit keys


14

Attacks on Symmetric Key Algorithms…

Cryptanalysis – encryption algorithms can be defeated by using a combination of sophisticated mathematics and computing power so that many encrypted messages can be deciphered without knowing the key

System-Based Attacks – attack the cryptographic system that uses the cryptographic algorithm without actually attacking the algorithm itself


15

Public Key Algorithms

DSS – Digital Signature Standard based on DSA (Digital Standard Algorithm) – key length is between 512-1024 bits

RSA

developed in 1977 by three professors at MIT

provides the basis of existing digital signature technology

key may be of any length depending on the system

Elliptic Curves


16

Attacks on Public Key Algorithms

Key Search Attacks – these attacks attempt to derive a private key from its corresponding public key by factoring a large number

Analytical Attacks – use some fundamental flaw in the mathematical problem on which the encryption system is based