Upload
ernest-rodgers
View
223
Download
1
Embed Size (px)
Citation preview
CryptographyCryptography
Why CryptographyWhy Cryptography Symmetric EncryptionSymmetric Encryption
Key exchange Key exchange
Public-Key CryptographyPublic-Key Cryptography Key exchangeKey exchange Certification Certification
Why CryptographyWhy Cryptography
General Security GoalGeneral Security Goal- Confidentiality- Confidentiality- Authentication- Authentication- Integrity- Integrity- Availability- Availability- Irrefutable - Irrefutable (not mention in this book)(not mention in this book)
Cryptography - generalCryptography - general
To send messages over e network, which To send messages over e network, which is unable to understand for a third partis unable to understand for a third part
General technique:General technique: Plain textPlain text Encode (algorithm and key)Encode (algorithm and key) Cipher text (send over the network)Cipher text (send over the network) Decode (algorithm and key)Decode (algorithm and key) Plain textPlain text
Cryptography - codingCryptography - coding
Old days simple letter transformation Old days simple letter transformation e.g. c for an a and d for a b and so one.g. c for an a and d for a b and so on
To dayTo day Symmetric keySymmetric key Public-private keysPublic-private keys
Cryptography - Cryptography - Symmetric Symmetric
Using the same key to encode and Using the same key to encode and decodedecode
Which goal are fulfilled ?Which goal are fulfilled ?- ConfidentialityConfidentiality- AuthenticationAuthentication- IntegrityIntegrity- AvailabilityAvailability- IrrefutableIrrefutable
-Confidentiality – yesConfidentiality – yes- Authentication - yesAuthentication - yes- Integrity - yesIntegrity - yes- Availability - no- Availability - no- Irrefutable - perhaps - Irrefutable - perhaps
Cryptography - Cryptography - Symmetric Symmetric
Implementations:Implementations: DES DES (Data Encryption Standard)–(Data Encryption Standard)– most known most known
today modified to triple DEStoday modified to triple DESkey length 64bit (3*64 bit) (round 10 min)key length 64bit (3*64 bit) (round 10 min)
to day even 128 bit (round 1000 billion year)to day even 128 bit (round 1000 billion year) Other IDEA, RC5Other IDEA, RC5
Cryptography - Cryptography - Symmetric Symmetric
Key exchange:Key exchange: Problem to exchange the keyProblem to exchange the key
- we can not send it with a mail - we can not send it with a mail - then it would not be secret any longer- then it would not be secret any longer
Using a Key Distribution Center (KDC)Using a Key Distribution Center (KDC)- I have an agreement with the KDC- I have an agreement with the KDC and with this an secret key. and with this an secret key.- So have all I communicate with.- So have all I communicate with.(see figure 2.10). (see figure 2.10).
Cryptography - Cryptography - Symmetric Symmetric
Windows use Symmetric key in an Windows use Symmetric key in an implementation called Kerberos:implementation called Kerberos: All like KDC but you get grant (a key) to a All like KDC but you get grant (a key) to a
resource for a certain time (all called a resource for a certain time (all called a ticket)ticket)
Cryptography Cryptography Asymmetric Asymmetric
Using the different keys to encode and Using the different keys to encode and decodedecode
You always have a pair of keysYou always have a pair of keysa public key and a private keya public key and a private key
If you encode with a public key – you If you encode with a public key – you must decode with a private keymust decode with a private key
If you encode with a private key – you If you encode with a private key – you must decode with a public keymust decode with a public key
Cryptography Cryptography Asymmetric Asymmetric
Which goal are fulfilled Which goal are fulfilled from A to B (B public Key)from A to B (B public Key)??- ConfidentialityConfidentiality- AuthenticationAuthentication- IntegrityIntegrity- AvailabilityAvailability- IrrefutableIrrefutable
-Confidentiality – yesConfidentiality – yes-Authentication - noAuthentication - no- Integrity - noIntegrity - no- Availability - no- Availability - no- Irrefutable - no- Irrefutable - no
Cryptography Cryptography Asymmetric Asymmetric
Which goal are fulfilled Which goal are fulfilled from A to B (A private Key)from A to B (A private Key)??- ConfidentialityConfidentiality- AuthenticationAuthentication- IntegrityIntegrity- AvailabilityAvailability- IrrefutableIrrefutable
-Confidentiality – noConfidentiality – no- Authentication - yesAuthentication - yes- Integrity - yesIntegrity - yes- Availability - no- Availability - no- Irrefutable - no- Irrefutable - no
Cryptography Cryptography Asymmetric Asymmetric
Can we fulfilled both Can we fulfilled both - Confidentiality andConfidentiality and- Authentication / Integrity andAuthentication / Integrity and- (Irrefutable)(Irrefutable)
YES – encode with A private key and then with B public keyYES – encode with A private key and then with B public key
Cryptography Cryptography Asymmetric Asymmetric
Implementations:Implementations: RSA – most known RSA – most known
key length recommended 1024bit key length recommended 1024bit
Cryptography Cryptography Asymmetric Asymmetric
Key exchange:Key exchange: Problem to exchange the keyProblem to exchange the key
- public key are public to everyone- public key are public to everyone- But do we believe the sender of the key- But do we believe the sender of the key
Using Certification Using Certification - I believe in some Certification Authorities- I believe in some Certification Authorities e.g. VeriSign, Thrust, (in DK TDC) e.g. VeriSign, Thrust, (in DK TDC)- get the public key from one of those trusted - get the public key from one of those trusted third part companies.third part companies.
Cryptography Cryptography Asymmetric Asymmetric
To fulfilled the goal you must encode 2 To fulfilled the goal you must encode 2 times (A private and B public)times (A private and B public)
A more easy way is to create a Message A more easy way is to create a Message Digest (MD) a sort of a checksum (Digital Digest (MD) a sort of a checksum (Digital Signature)Signature)
And this ‘checksum’ are encoded with A’s And this ‘checksum’ are encoded with A’s private key. Then the hole message + the private key. Then the hole message + the MD are encoded with B’s public keyMD are encoded with B’s public key
Cryptography Mixed Cryptography Mixed
Using asymmetric keys to exchange a Using asymmetric keys to exchange a symmetric key for rest of this session.symmetric key for rest of this session.This increase the speed of encryption This increase the speed of encryption and decryption.and decryption.