1 / 43

Encryption

OKC GIS “Lunch & Learn” July 19 th , 2013. Encryption. Why do we encrypt things?. Confidentiality Integrity Authentication Authorization Nonrepudiation. How encryption works. Symmetric vs. Asymmetric. Key 1: “password”. Key 2: “password”. Key 1: “abcdefg”. Key 2: “zyxwvut”.

cara
Download Presentation

Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OKC GIS “Lunch & Learn” July 19th, 2013 Encryption

  2. Why do we encrypt things? • Confidentiality • Integrity • Authentication • Authorization • Nonrepudiation

  3. How encryption works

  4. Symmetric vs. Asymmetric Key 1: “password” Key 2: “password” Key 1: “abcdefg” Key 2: “zyxwvut”

  5. Symmetric vs. Asymmetric Symmetric Asymmetric Strengths Better key distribution Scalable Authentication and nonrepudiation Weaknesses Slower Mathematically intensive • Strengths • Much faster • Hard to break with large key • Weaknesses • Secure key transfer • Each pair needs unique key • No authenticity or nonrepudiation

  6. Examples Symmetric Asymmetric RSA (Rivest-Shamir-Adleman) Elliptic curve cryptosystem (ECC) Diffie-Hellman El Gamal Digital Signature Algorithm (DSA) Merkle-Hellman Knapsack • Data Encryption Standard (DES) • Triple-DES (3DES) • Blowfish • IDEA (International Data Encryption Algorithm) • RC4, RC5, & RC6 • Advanced Encryption Standard (AES)

  7. Encryption Methods Block Cipher Stream Cipher Encrypts the message bit by bit • Divides message into blocks of plaintext Keystream Generator Message 0111 0001 0101 1101 10111010 0111 0001 0101 1101 Encryption 0101 0111 1110 1111 Plaintext Ciphertext

  8. Hybrid Encryption Methods • Public Key Cryptography Decrypts with Jaci’s private key Symmetric Key Encrypted with Jaci’s public key Symmetric Key Encrypted with the symmetric key Message Decrypts with the symmetric key Message Jaci Jason

  9. Quiz Time • If a symmetric key is encrypted with a receiver's public key, what service(s) is(are) provided? • If data are encrypted with the sender’s private key, what security service(s) is(are) provided? • If the sender encrypts data with the receiver's private key, what security service(s) is(are) provided? • Why do we encrypt the message with the symmetric key? • Why don’t we encrypt the symmetric key with another symmetric key? • What is the meaning of life?

  10. Symmetric Encryption Standards

  11. Data Encryption Standard • 1974 – IBM’s modified Lucifer algorithm accepted, renamed Data Encryption Algorithm • NSA modified algorithm from 128-bit key to 64-bit key with 8 bits for parity, effectively reducing the key to 56 bits • 1988 NSA dropped DES from Federal Standards compliance • 1998 Electronic Frontier Foundation (EFF) built a system for $250K that broke DES in ~3 days • Deep Crack was the name of the PC they built • DES is a symmetric block encryption algorithm • Breaks message into 64-bit blocks, runs encryption, outputs 64-bit ciphertext

  12. Triple-DES • Similar to DES, is much more processor intensive • Four modes of application • DES-EEE3 • DES-EDE3 • DES-EEE2 • DES-EDE2 • 3-DES is a symmetric block encryption algorithm just like DES

  13. Advanced Encryption Standard • 1997 – Rijndael algorithm chosen for AES • Variable key/block size – 128/192/256 • Current standard for Federal Information Protection • AES is a symmetric block encryption algorithm

  14. International Data Encryption Algorithm • 64-bit block cipher • Broken into 16 smaller blocks • 128-bit key • Faster in software than DES • Can be used in PGP • Proprietary, so not selected for AES

  15. Blowfish • 64-bit block cipher • Key length from 32-448 bits • Un-patented

  16. RC4 • Stream cipher with variable key size • Used in SSL protocol • Implemented (improperly) in 802.11 WEP • RC4 was a trade secret of RSA • Until someone stole it and posted it online • Sometimes referred to as ArcFour or ARC4 since RC4 is trademarked

  17. RC5 • Block cipher with blocks of 32/64/128-bits • Key size up to 2,048-bits

  18. RC6 • Block cipher • Same as RC5 but faster

  19. Asymmetric Encryption Standards

  20. Diffie-Hellman Algorithm • First asymmetric encryption algorithm • Generates public/private key pair • User 1 runs their private key and user 2’s public key through process and vice versa, which results in the same value • This value is then used to generate symmetric keys for sessions • The system enables two systems to exchange a symmetric key without a prior relationship

  21. RSA • Developed in 1978 at MIT • Provides encryption and authentication • Public/private keys are function of large prime numbers • RSA is the most popular algorithm to exchange DES & AES symmetric keys

  22. El Gamal • Public key algorithm used for digital signatures, encryption, and key exchange • Similar to Diffie-Hellman • Very slow

  23. Elliptic Curve Cryptosystems • Provides the security features of RSA • Digital signatures, security key distribution, and encryption • Much more efficient than RSA • Smartphones and other processor-limited devices use ECC because of its efficiency

  24. LUC • Similar to El Gamal & RSA • Faster

  25. Knapsack • 1st Knapsack algorithm, Merkle-Hellman • Encryption only, later added digital signatures • Insecure, no longer used

  26. Message Integrity

  27. One-way Hash • Takes a variable-length string and produces a fixed-length, or hash value • One-way function • Any changes in the string change the resulting hash • There should be no correlation between editing the string and the resultant hash • No two strings should produce the same hash • Integrity only, no confidentiality

  28. Hash Message Authentication Code (HMAC) • Added to a one-way hash to provide authentication/confidentiality • A symmetric key is hashed and appended to the message before sending • The receiver performs the same operation and knows the message was sent by the right person • HMAC has no way to exchange the symmetric key

  29. CBC-MAC • Provides system authentication • Uses a symmetric block cipher to generate a MAC value, not a hashing algorithm • CMAC is an extension of CBC-MAC • Simply mathematically more secure • Used with AES & 3DES

  30. MD2 • 128-bit message digest value • Very slow

  31. MD4 • 128-bit message digest value • Much faster • Mostly software implementations

  32. MD5 • 128-bit hash • Harder to break than MD4/2 • MD5 is subject to collision attacks • Can’t be used for SSL certificates or digital signatures

  33. SHA • 160-bit hash value is calculated and fed into an asymmetric algorithm • Used for digital signatures • Newer versions include SHA-1 and SHA-2 • SHA-2 is under the names SHA-256/384/512 based on the hash length

  34. Haval • Modification of MD5 • 1,024-bit blocks • Hash from 128-256 bits

  35. Tiger • Used for 64-bit systems • Faster than MD5 and SHA-1 • 192-bit hash value • Built upon its own architecture • All others stem from MD4

  36. Birthday Attack • Collision Attack • Attacker attempts to compute a message that will result in the same hash as the original • The probability of this occurring is 2n/2 where n is the length of the hash • Uhhhhhh, what?

  37. Birthday Attack • How many people must be in a room that the chance is greater than 50/50 that another person has the same birthday as you? • 253 • How many people must be in a room for the chance to be greater than 50/50 that any two people share the same birthday? • 23

  38. Birthday Attack • Joe & Sue get married & have a pre-nup • Each gets their stuff back, new assets divided 50/50 • Sue gets the hash of the pre-nup • Adjusts the contract to say she gets everything • Adjusts the new message bit-by-bit till she finds a message with a hash value identical to the original

  39. Review

  40. Digital Signatures

  41. Digital Signatures • Digital signatures combine everything we’ve talked about so far • Symmetric • Asymmetric • Hashes

  42. Digital Signatures • If you: • Encrypt – confidentiality • Hash – integrity • Digitally sign – authentication, nonrepudiation, and integrity • Encrypt and digitally sign – confidentiality, integrity, authentication, and nonrepudiation

  43. Next Week • We will review encryption and digital signatures • The topic is Public Key Infrastructures (PKI) • This is the application of every cryptographic technique we have learned

More Related