
SYMMETRIC & ASYMMETRIC ENCRYPTION


etan

Presentation Transcript


  1. SYMMETRIC & ASYMMETRIC ENCRYPTION

  2. INTRODUCTION • An original message is known as the plaintext. • The coded message is called the ciphertext. • The process of converting from plaintext to ciphertext is known as enciphering or encryption. • Restoring the plaintext from the ciphertext is known as deciphering or decryption.

  3. SYMMETRIC CIPHER MODEL

  4. SYMMETRIC CIPHER INGREDIENTS A symmetric encryption scheme has five ingredients: • Plaintext • Encryption algorithm (substitution cipher, transposition cipher) • Secret key • Ciphertext • Decryption algorithm

  5. Model of Conventional Cryptosystem

  6. CRYPTOGRAPHY “Cryptography is the art and science of achieving security by encoding messages to make them non-readable.” Fig: cryptographic system

  7. PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEM Confidentiality

  8. PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEM Authentication

  9. PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEM Authentication and confidentiality

  10. ENCRYPTION ALGORITHM • Caesar cipher • Playfair cipher • Hill cipher • Vernam cipher (one-time pad) • Vigenère cipher • Shift cipher

  11. CAESAR CIPHER

  12. PLAYFAIR CIPHER Creation and population of the matrix: suppose that our keyword is PLAYFAIR EXAMPLE. Then the 5×5 matrix containing our keyword will look as shown in the figure.

  13. PLAYFAIR CIPHER Encryption process: before executing these steps, the plaintext message that we want to encrypt needs to be broken down into groups of two letters. For example, if our message is "my name is sagar", it becomes "my na me is sa ga rx". The encryption process works on this broken-down message. • If both letters are the same (or only one is left), add an x after the first letter. Encrypt the new pair and continue. • If both letters in the pair appear in the same row of our matrix, replace them with the letters to their immediate right respectively. If a letter of the original pair is on the right side of the row, it wraps around to the left side of the row. • If both letters in the pair appear in the same column of our matrix, replace them with the letters immediately below them respectively. If a letter of the original pair is on the bottom side of the column, it wraps around to the top of the column. • If the letters are not in the same row or column, replace them with the letters in the same row respectively, but at the other pair of corners of the rectangle defined by the original pair.

  14. PLAYFAIR CIPHER Example: Plaintext: MY NAME IS SAGAR. Keyword: PLAYFAIR EXAMPLE. Create a matrix using the keyword. Break the original text into pairs of two letters each: MY NA ME IS SA GA RX

  15. PLAYFAIR CIPHER Example: Now we apply our Playfair algorithm to this text. The first pair of letters is MY, so M is replaced with X and Y is replaced with F.

  16. PLAYFAIR CIPHER Example: The second pair of letters is NA. N is replaced with O and A is replaced with L. Repeat the procedure for all pairs to get the ciphertext. Ciphertext: XFOLIXMKOFDYEM

  17. HILL CIPHER

  18. HILL CIPHER

  19. HILL CIPHER

  20. Vernam cipher (one-time pad) • Example: • Plaintext: HOW ARE YOU • One-time pad: NCB TZQ ARX

  21. Vigenère Cipher Information warfare conducted against the information and information processing equipment used by an adversary.

  22. Vigenère Cipher Example:

  23. Shift Cipher How to encrypt: for every letter in the message M: 1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call this number X (A=0, B=1, C=2, ..., Y=24, Z=25). 2. Calculate: Y = (X + K) mod 26. 3. Convert the number Y into a letter that matches its order in the alphabet starting from 0 (A=0, B=1, C=2, ..., Y=24, Z=25).
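The shift-cipher rule Y = (X + K) mod 26 and the Vernam example from slide 20 are the same operation with different key material, shown here as an added Python example that is not part of the original presentation. It assumes the letter-wise mod-26 form of the one-time pad (the transcript does not state the combining operation), and the function names are this example's own.

```python
from itertools import repeat

def _add_keystream(text, keystream, sign):
    """Apply Y = (X + sign*K) mod 26 letter by letter; other characters pass through."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            x = ord(ch) - ord("A")                    # step 1: letter -> number, A=0
            y = (x + sign * next(keystream)) % 26     # step 2: add (or subtract) the key
            out.append(chr(y + ord("A")))             # step 3: number -> letter
        else:
            out.append(ch)
    return "".join(out)

def shift_encrypt(message, k):
    # One fixed K for every letter: only 26 possible keys exist.
    return _add_keystream(message, repeat(k), +1)

def shift_decrypt(ciphertext, k):
    return _add_keystream(ciphertext, repeat(k), -1)

def _pad_values(message, pad):
    """Turn the pad into numbers and refuse a pad shorter than the message."""
    values = [ord(c) - ord("A") for c in pad.upper() if "A" <= c <= "Z"]
    needed = sum("A" <= c <= "Z" for c in message.upper())
    if len(values) < needed:
        raise ValueError("one-time pad must be at least as long as the message")
    return iter(values)

def vernam_encrypt(message, pad):
    # A fresh K for every letter, taken from the pad and never reused.
    return _add_keystream(message, _pad_values(message, pad), +1)

def vernam_decrypt(ciphertext, pad):
    return _add_keystream(ciphertext, _pad_values(ciphertext, pad), -1)
```

With the slide's plaintext and pad, `vernam_encrypt("HOW ARE YOU", "NCB TZQ ARX")` gives `UQX TQU YFR`.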

  24. TRANSPOSITION TECHNIQUES Rail fence technique. Example: "come home tomorrow". Now read the text row by row and write it sequentially; thus we have cmhmtmrooeoeoorw as the ciphertext.

  25. STEGANOGRAPHY It is a technique that facilitates hiding a message that is to be kept secret inside another message. Various other techniques have been used historically: • Character marking • Invisible ink • Pin punctures • Typewriter correction ribbon

  26. HASHING “A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone.”

  27. Application of Cryptographic • Verifying the integrity of files or messages • Password verification • File or data identifier • Pseudorandom generation and key derivation

  28. REQUIREMENT FOR A CRYPTOGRAPHIC HASH FUNCTION To be useful for message authentication, a hash function H must have the following properties. • H can be applied to a block of data of any size. • H produces a fixed-length output. • H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. • For any given value h, it is computationally infeasible to find x such that H(x)=h. This is sometimes referred to in the literature as the one-way property. • For any given block x, it is computationally infeasible to find y≠x such that H(y)=H(x). This is sometimes referred to as weak collision resistance.

  29. SECURE HASH ALGORITHM (SHA) • Step1 : Padding • Step2 : Append length • Step3 : Divide the input into 512 bit blocks • Step 4 : Initialize chaining variables • Step 5 : Process blocks

  30. Step1 : Padding

  31. Step2 : Append length

  32. Step3 : Divide the input into 512 bit blocks

  33. Step 4 : Initialize chaining variables In SHA the variables A through D have the same values as they had in MD5. Additionally, E is initialized to HEX C3 D2 E1 F0

  34. Step 5 : Process blocks • Copy the chaining variables A-E into variables a-e. The combination of a-e, called abcde, will be considered as a single register for storing the temporary intermediate as well as the final results. • Now, divide the current 512-bit block into 16 sub-blocks, each consisting of 32 bits.

  35. Step 5 : Process blocks SHA has four rounds, each round consisting of 20 steps. Each round takes the current 512-bit block, the register abcde and a constant k[t] (where t=0 to 79) as the three inputs. It then updates the content of the register abcde using the SHA algorithm steps. Also notable is the fact that we had 64 constants defined as t in MD5. Here we have only four constants defined for k[t], one used in each of the rounds. The values of k[t] are as shown in the table.

  36. Step 5 : Process blocks • SHA consists of four rounds, each round containing 20 iterations. This makes it a total of 80 iterations. The logical operation of a single SHA iteration looks as shown in the figure.
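Steps 1 to 5 of slides 29 to 36 written out as an added Python example that is not part of the original presentation. It implements SHA-1, which is the SHA variant the slides describe (five chaining variables, 80 iterations); the four k[t] values and the per-round functions come from the SHA-1 specification, since the slides' table and figure are not in the transcript.

```python
import struct

def _rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1(message: bytes) -> str:
    # Step 1: pad with a 1 bit, then zeros, until the length is 448 mod 512 bits.
    padded = message + b"\x80" + b"\x00" * ((55 - len(message)) % 64)
    # Step 2: append the original length in bits as a 64-bit big-endian value.
    padded += struct.pack(">Q", (len(message) * 8) & 0xFFFFFFFFFFFFFFFF)
    # Step 4: chaining variables; A-D match MD5's values read as words, E = C3D2E1F0.
    A, B, C, D, E = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
    K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)   # one constant per round
    # Step 3: walk the padded input in 512-bit (64-byte) blocks.
    for off in range(0, len(padded), 64):
        # Step 5: 16 sub-blocks of 32 bits, expanded to 80 words.
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = A, B, C, D, E          # copy A-E into the register abcde
        for t in range(80):                     # 4 rounds x 20 iterations
            if t < 20:
                f = (b & c) | (~b & d)
            elif t < 40:
                f = b ^ c ^ d
            elif t < 60:
                f = (b & c) | (b & d) | (c & d)
            else:
                f = b ^ c ^ d
            temp = (_rotl(a, 5) + f + e + K[t // 20] + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = temp, a, _rotl(b, 30), c, d
        # Add the register back into the chaining variables for the next block.
        A, B, C, D, E = [(x + y) & 0xFFFFFFFF
                         for x, y in zip((A, B, C, D, E), (a, b, c, d, e))]
    return "%08x%08x%08x%08x%08x" % (A, B, C, D, E)
```

Practical SHA-1 collisions have been published, so this block is for following the slides' steps; integrity checks and signatures in new designs use SHA-256 or later.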

  37. DIGITAL SIGNATURES • “A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature.”

  38. Requirements For Digital Signature • The signature must be a bit pattern that depends on the message being signed. • The signature must use some information unique to the sender, to prevent both forgery and denial. • It must be relatively easy to produce the digital signature. • It must be relatively easy to recognize and verify a digital signature. • It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. • It must be practical to retain (keep) a copy of the digital signature in storage.

  39. Process for generating digital signature

  40. Properties of Digital Signature Two main properties are required for a digital signature: • The authenticity of a signature generated from a fixed message and fixed private key can be verified by using the corresponding public key. • It should be computationally infeasible to generate a valid signature for a party without knowing that party’s private key.

  41. Digital signature services • A digital signature can provide authentication, message integrity and nonrepudiation. www.yesnarayanan.blogspot.com

  42. KEY ESCROW • Key escrow is the process of giving keys to a third party so that they can decrypt and read sensitive information if the need arises. Key escrow almost always pertains to handing over encryption keys to the government, or to another higher authority, so that the keys can be used to collect evidence during an investigation. • A key pair used in a person’s place of work may be required to be escrowed by the employer for two reasons. First, the keys are property of the enterprise, issued to the worker for use. Second, the firm may have need for them after an employee leaves the firm.

  43. PUBLIC KEY INFRASTRUCTURES • A public key infrastructure (PKI) provides all the components necessary for different types of users and entities to be able to communicate securely and in a predictable manner. • A PKI is made up of hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, users and utilities. • These components work together to allow communication to take place using public key cryptography and symmetric keys for digital signatures, data encryption and integrity. • Although many different applications and protocols can provide the same type of functionality, constructing and implementing a PKI boils down to establishing a level of trust. • If, for example, Sagar and Vrunda want to communicate securely, Sagar can generate his own public/private key pair and send his public key to Vrunda, or he can place his public key in a directory that is available to everyone. • If Vrunda receives Sagar’s public key, either from him or from a public directory, how does she know the key really came from Sagar? Maybe another individual, Jigar, is masquerading as Sagar and has replaced Sagar’s public key with his own, as shown in the figure (referred to as a man-in-the-middle attack).

  44. PUBLIC KEY INFRASTRUCTURES

  45. PUBLIC KEY INFRASTRUCTURES • If this took place, Vrunda would believe that her message could be read only by Sagar and that the replies were actually from him. However, she would actually be communicating with Jigar. • What is needed is a way to verify an individual’s identity, to ensure that a person’s public key is bound to their identity and thus ensure that the previous scenario (and others) cannot take place. • In PKI environments, entities called registration authorities (RAs) and certificate authorities (CAs) provide services similar to those of the department of motor vehicles (DMV). • When Sagar goes to register for a driver’s license, he has to prove his identity to the DMV by providing his passport, birth certificate, or other identification documentation. • If the DMV is satisfied with the proof Sagar provides (and Sagar passes a driving test), the DMV will create a driver’s license that can then be used by Sagar to prove his identity. • Whenever Sagar needs to identify himself, he can show his driver’s license. Although many people may not trust Sagar to identify himself truthfully, they do trust the third party, the DMV.

  46. PUBLIC KEY INFRASTRUCTURES • In the PKI context, while some variations exist in specific products, the RA will require proof of identity from the individual requesting a certificate and will validate this information. • The RA will then advise the CA to generate a certificate, which is analogous to a driver’s license. • The CA will digitally sign the certificate using its private key. • The use of the private key assures the recipient that the certificate came from the CA. When Vrunda receives Sagar’s certificate and verifies that it was actually digitally signed by a CA that she trusts, she will believe that the certificate is actually Sagar’s, not because she trusts Sagar, but because she trusts the entity that is vouching for his identity (the CA).

  47. PUBLIC KEY INFRASTRUCTURES • This is commonly referred to as a third-party trust model. Public keys are components of digital certificates, so when Vrunda verifies the CA’s digital signature, this verifies that the certificate is truly Sagar’s and that the public key the certificate contains is also Sagar’s. This is how Sagar’s identity is bound to his public key. • This process allows Sagar to authenticate himself to Vrunda and others. Using the third-party certificate, Sagar can communicate with Vrunda, using public key encryption, without prior communication or a preexisting relationship. • Once Vrunda is convinced of the legitimacy of Sagar’s public key, she can use it to encrypt messages between herself and Sagar, as illustrated in the figure above.
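The third-party trust check from slides 43 to 47, as an added Python example that is not part of the original presentation: Vrunda accepts a key for Sagar only if the CA she trusts signed the name and key together. The signature is textbook RSA over a SHA-256 digest with small fixed primes and no padding, which is an assumption made to keep the example self-contained and is not a secure signature scheme; the certificate layout and all function names are this example's own.

```python
import hashlib

def mersenne(p):
    """2**p - 1; prime for the exponents used below, so keys are short to write."""
    return 2 ** p - 1

def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private_key):
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(data, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

def _body(subject, public_key):
    # The signed bytes cover the identity AND the key: that is the binding.
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(subject, public_key, signer_private):
    return {"subject": subject, "public_key": public_key,
            "signature": sign(_body(subject, public_key), signer_private)}

def accept_certificate(cert, expected_subject, trusted_ca_public):
    body = _body(cert["subject"], cert["public_key"])
    return (cert["subject"] == expected_subject
            and verify(body, cert["signature"], trusted_ca_public))

# Constructed toy keys for the three parties in the slides.
CA_PUB, CA_PRIV = make_keypair(mersenne(521), mersenne(607))
SAGAR_PUB, _SAGAR_PRIV = make_keypair(mersenne(127), mersenne(107))
JIGAR_PUB, JIGAR_PRIV = make_keypair(mersenne(89), mersenne(61))

def scenario():
    """What Vrunda concludes for three certificates that all claim to be Sagar's."""
    genuine = issue_certificate("Sagar", SAGAR_PUB, CA_PRIV)
    key_swapped = dict(genuine, public_key=JIGAR_PUB)          # key replaced in transit
    self_signed = issue_certificate("Sagar", JIGAR_PUB, JIGAR_PRIV)
    certs = {"genuine": genuine, "key_swapped": key_swapped, "self_signed": self_signed}
    return {name: accept_certificate(c, "Sagar", CA_PUB) for name, c in certs.items()}
```

`scenario()` accepts only the certificate the CA actually signed; the substituted key fails because the CA's signature no longer matches the name-and-key bytes.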

  48. DIGITAL CERTIFICATE • “A digital certificate binds an individual’s identity to a public key, and it contains all the information a receiver needs to be assured of the identity of the public key owner.”

  49. Types of certificate • Four main types of certificates are given below: • End entity certificate • CA certificate • Cross certification certificates • Policy certificate

  50. Steps for obtaining digital certificate
