
ITIS 1210 Introduction to Web-Based Information Systems

Learn about cryptography, digital certificates, and how they help ensure secure communication over the internet. Protect your data and verify identities with these essential tools.

aguzman

Presentation Transcript


  1. ITIS 1210 Introduction to Web-Based Information Systems • Chapter 50: Cryptography, Privacy, and Digital Certificates

  2. Introduction • Remember: the Internet is VERY insecure • Snoopers can access almost anything you send/receive • Most of the time – not a problem • Big deal if someone knows you went to www.uncc.edu • However, VERY big deal if someone knows your credit card number

  3. Introduction • How can businesses operate properly? • Exchange data • Exchange financial information • How do you know that the “person” on the other end of a communication is really who they say they are? • Verifying identities is crucial to many activities • Without solutions to these problems the Internet becomes much less useful

  4. Cryptography • Cryptography – secret writing • Altering information so anyone intercepting it cannot understand it • Three-step process • Encrypt (change plain text to ciphertext) • Transmit • Anyone intercepting sees only nonsense • Decrypt (change ciphertext back into plain text)

  5. Cryptography • Key element: only recipient can change ciphertext back into plain text • Accomplished via mathematical manipulation • Treats message as a numerical sequence • Alters message using • Algorithm • Key • Result is a different numerical sequence • What gets transmitted

  6. Cryptography • Algorithms produce different results if different keys are used • Guessing the key means the ciphertext can be decrypted • Thus, key length is important • Example: if every UNCC password was 1 alphabetic character long could you eventually guess it?

  7. Cryptography • Why is key length important? • Example: 26 uppercase + 26 lowercase + 42 special characters & numbers = 94 characters in “key space” • 8-character password means 94^8 combinations • 6,095,689,385,410,820 possible passwords • At 1 per second would take 193,293,042 years to test all

  8. Cryptography • Common encryption systems • Symmetric • Sender and receiver use same key • Asymmetric (public key – private key) • Sender and receiver • Each have two keys: public and private • Use different keys for specific situations • Sender’s key is public – made available to anyone • Receiver’s key is private • Sender’s key can only encrypt – it cannot decrypt

  9. Cryptography • Messages encrypted with your public key • Cannot be decrypted except with your private key • Because only you know your private key, only you can decrypt messages intended for you • The public key is a one-way key • Encryption only

  10. Cryptography • Process requires hash functions to work • Hash functions convert a message into a shorter message that has unique properties • No collisions • No reverse engineering • MD5 • Most common algorithm • Ron Rivest, MIT • Mathematical formula translates a file into a 128-bit hexadecimal “message digest”

  11. Cryptography • Example: • “The quick brown fox jumps over the lazy dog”: 9e107d9d372bb6826bd81d3542a419d6 • “The quick brown fox jumps over the lazy eog”: ffd93f16876049265fbaef4da268dd0e

  12. Cryptography • Secure Hash Algorithm (SHA) • Developed by NIST • When a message of any length < 2^64 bits is input, produces a 160-bit message digest

  13. Cryptography • Example: • “The quick brown fox jumps over the lazy dog”: 2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12 • “The quick brown fox jumps over the lazy cog”: de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3
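The one-letter changes on slides 11 and 13 can be measured rather than eyeballed. This added example (not part of the original presentation; the function names are illustrative) recomputes the slide digests with Python's `hashlib` and counts how many digest bits change.

```python
import hashlib

# Sentences taken from slides 11 and 13; each pair differs by one letter.
SLIDE_PAIRS = {
    "md5": (b"The quick brown fox jumps over the lazy dog",
            b"The quick brown fox jumps over the lazy eog"),
    "sha1": (b"The quick brown fox jumps over the lazy dog",
             b"The quick brown fox jumps over the lazy cog"),
}

def compare(algorithm, first, second):
    """Return both hex digests, the number of differing bits, and digest size in bits."""
    d1 = hashlib.new(algorithm, first).digest()
    d2 = hashlib.new(algorithm, second).digest()
    changed = sum(bin(x ^ y).count("1") for x, y in zip(d1, d2))
    return d1.hex(), d2.hex(), changed, len(d1) * 8

def report():
    """Run the comparison for every slide pair, keyed by algorithm name."""
    return {algorithm: compare(algorithm, first, second)
            for algorithm, (first, second) in SLIDE_PAIRS.items()}

if __name__ == "__main__":
    for algorithm, (h1, h2, changed, total) in report().items():
        print(f"{algorithm}: {h1}")
        print(f"{' ' * len(algorithm)}  {h2}")
        print(f"  {changed} of {total} bits changed after a one-letter edit")
```

`compare` also accepts `"sha256"`; MD5 and SHA-1 have known collision attacks and are used here only to match the slides.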

  14. How Cryptosystems Work (diagram: Gabriel sends Mia an encrypted message, an encrypted digital signature and a digital envelope; Mia decrypts them and compares message digests)

  15. Cryptography • Gabriel wants to send a secret message to Mia • Two problems: • How does Gabriel ensure that no one but Mia can read his message? • How does Mia know the message came from Gabriel?

  16. Cryptography • Hash function converts Gabriel’s message to a “message digest” • A unique digital fingerprint of the original message • Message digest encrypted using Gabriel’s private key • Produces a unique digital signature that only Gabriel could have created

  17. Cryptography • Gabriel generates a new random key • Using this key he encrypts both his original message and his digital signature • The random key is the only key in the world that can decrypt the message • And only Gabriel has a copy of this key

  18. Cryptography • Gabriel encrypts the random key using Mia’s public key • This is called a digital envelope • Only Mia can decrypt this value using her private key • Gabriel sends message to Mia • Encrypted message • Encrypted digital signature • Encrypted digital envelope

  19. Cryptography • Mia receives message and tests • Its content • Its authenticity • Mia decrypts the digital envelope using her private key • This gives her the random key Gabriel used to encrypt the message and his digital signature

  20. Cryptography • Using the now decrypted random key, Mia decrypts the message • However: • Was it altered en route? • Is this message really from Gabriel? • Using the random key and Gabriel’s public key, Mia decrypts the digital signature • The message digest is now revealed

  21. Cryptography • The message digest enables Mia to tell if the information she received matches the information Gabriel sent • Mia runs the decrypted message through the same hash function that Gabriel used • This produces a new message digest

  22. Cryptography • Mia compares • The message digest she generated with • The message digest she decrypted from Gabriel’s digital signature • If the two match Mia knows: • The message she received was from Gabriel • It was not altered in transit to her

  23. Digital Certificates • Method of using encryption to verify the identity of an individual • Each user gets a unique certificate • Issued by a certificate authority • Charge users for the certificate • Attached to email or presented to a Web site • Verifies their identity

  24. Digital Certificates • How do you get a digital certificate? • Visit a site that offers them: VeriSign • Provide personally identifying information • Name • Address • Certificate downloaded to your PC • Includes your own private key

  25. Digital Certificates • Certificate contains • Your name • Name of the certificate authority (CA) • Digital signature of the CA • Serial number of your certificate • Expiration date of your certificate • Your public key • Encrypted in a way that makes it unique to you

  26. Digital Certificates • How do you use it? • Attach certificate to your email • Causes your message to be signed with your private key • Recipient gets • Email message • Information from your certificate • Used to verify that the message actually came from you

  27. Secure Socket Layer

  28. Secure Socket Layer • Used to encrypt communications between two computers • Padlock lets you know you’re secure:

  29. Secure Socket Layer • Computers use combination of public-key, private-key encryption • Works like this: • Computer A generates a symmetric key and sends it to computer B using B’s public key • Computer B decrypts it using its private key • Now both computers have the same key • Communicate securely • Discard key at end of session
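The Gabriel-to-Mia exchange on slides 15 to 22, which uses the same wrap-a-random-key-under-the-recipient's-public-key step as slide 29, written out as an added example that is not part of the original presentation. Assumptions: textbook RSA without padding, SHA-256 in place of the slides' MD5/SHA-1, a hash-based keystream standing in for a real symmetric cipher, constructed demo keys, and illustrative function names; it shows the data flow and is not a secure implementation.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Textbook RSA key (n, e, d) from two primes."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

# Constructed demo keys from Mersenne primes: easy to audit, NOT secure.
GABRIEL = make_key(2**127 - 1, 2**521 - 1)
MIA = make_key(2**107 - 1, 2**607 - 1)

def digest(message):
    """Message digest as an integer so it can be fed to RSA."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def stream_xor(key, label, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def send(message, sender_key, recipient_public):
    n_s, _, d_s = sender_key
    n_r, e_r = recipient_public
    signature = pow(digest(message), d_s, n_s)    # slide 16: sign the digest
    sig_bytes = signature.to_bytes((n_s.bit_length() + 7) // 8, "big")
    random_key = secrets.token_bytes(16)          # slide 17: fresh random key
    enc_message = stream_xor(random_key, b"msg", message)
    enc_signature = stream_xor(random_key, b"sig", sig_bytes)
    # Slide 18: the digital envelope is the random key under Mia's public key.
    envelope = pow(int.from_bytes(random_key, "big"), e_r, n_r)
    return enc_message, enc_signature, envelope

def receive(enc_message, enc_signature, envelope, recipient_key, sender_public):
    n_r, _, d_r = recipient_key
    n_s, e_s = sender_public
    random_key = pow(envelope, d_r, n_r).to_bytes(16, "big")   # slide 19
    message = stream_xor(random_key, b"msg", enc_message)      # slide 20
    sig_bytes = stream_xor(random_key, b"sig", enc_signature)
    signature = int.from_bytes(sig_bytes, "big")
    authentic = pow(signature, e_s, n_s) == digest(message)    # slides 21-22
    return message, authentic

if __name__ == "__main__":
    parts = send(b"Meet me at noon", GABRIEL, MIA[:2])
    print(receive(*parts, MIA, GABRIEL[:2]))
```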
