ACG 5458 Encryption, Digital Signatures, and Message Digests


Presentation Transcript


  1. ACG 5458 Encryption, Digital Signatures, and Message Digests

  2. Cryptography and Authentication • Security Issues • Encryption Techniques, Key Infrastructures and Key Management • Digital Signature Technology • Role of Certificate Authorities in Key Management

  3. Five Security Services that Ensure Reliable, Trustworthy Transmission of Business Messages • Confidentiality • Integrity • Nonrepudiation • Authentication • Authorization (Access Control)

  4. Overview of Primary Security Issues (security issue: objective; techniques) • Confidentiality: privacy of message; encryption • Message Integrity: detecting message tampering; message hashing (digest), digital signatures • Authentication: origin verification; something you are, something you have, something you know • Non-repudiation: proof of origin, time, and exact contents; digital signatures, time stamps, bi-directional hashing • Access Controls: limiting entry to authorized users; firewalls, authentication controls

  5. Confidentiality • Confidentiality refers to the unavailability of a message to non-authorized readers • On the Internet, that involves making the message uninterpretable by others, usually through encryption

  6. Integrity Integrity refers to the confidence that the contents of the message received are exactly the same as the contents of the message sent by the sender. Verification of integrity involves the sender and the receiver each calculating a hash total of the message and comparing the results, similar to a check-sum digit. SHA-1 (Secure Hash Algorithm 1) is a standard hashing algorithm.

  7. Authentication Authentication refers to the confidence that the message received really came from the party who claims to have sent it. For Internet messages, authentication involves showing one, two or three of the following factors: • Something only you have (token) • Something only you know (PIN) • Something only you are (fingerprints or signature) Common authentication measures include: tokens, digital signatures, biometric devices, challenge-response systems, bi-directional digests, one-time passwords, and smart cards.

  8. Nonrepudiation Nonrepudiation eliminates the ability of the sender to deny that a communication or transaction has occurred. Nonrepudiation involves • Proof of origin (sender authentication) • Proof of time (time message was created or sent) • Proof of content (message integrity) It can also include proof of receipt by the recipient.

  9. Access Controls Access controls refer to restricting unauthorized parties from entry to data sharing. Common access controls include firewalls and authentication controls.

  10. Encryption Techniques • Encryption is the transformation of data via a one-way mathematical function, into a form that is unreadable by anyone who does not possess the appropriate key. • Key: binary code used to transform the data • Cleartext: message in readable form • Ciphertext: encrypted message

  11. What Determines Cryptography Strength? • The cryptographic algorithm • The length of the key (direct relationship to strength of security: longer is better) • The protocol used to generate/manage/store the keys

  12. Symmetric Encryption • Secret key: so how do you share it? • Fast speed and difficult to crack if key is large • Single DES: developed by IBM in 1977; 56 bits • Can be cracked in less than a day • Triple DES: encrypts-decrypts-encrypts with 2 keys • New standard: AES – 128, 192, 256 bit keys • “Rijndael” winner of the international competition

  13. Single Symmetric Encryption Method (diagram) The sender encrypts the cleartext message with an AES key and sends the encoded message; the receiver decrypts it with the identical AES key to recover the cleartext message.

  14. PKE - Public-Private Key Pairs • Uses a one-way function to develop a public and private key • Private key will encrypt, but not decrypt and vice versa • RSA is the primary key pair technology • Can be used in a variety of ways – Get the basics and then consider how it is applied in practice

  15. PKE Used to Provide Confidentiality (diagram) The student encrypts the message (Penelope’s medical condition) with the professor’s public key; the encoded message is transmitted; the professor decrypts it with the professor’s private key and reads it. Confidentiality without origin authentication.

  16. PKE Used to Authenticate Sender (diagram) The professor, requesting a meeting, encrypts the message with the professor’s private key; the encoded message is transmitted; the student (Penelope) decrypts it with the professor’s public key and reads the meeting request. Origin authentication because only the professor has the professor’s private key.

  17. PKE Used to Provide Confidentiality and Authentication of Sender (diagram) The professor, sending Penny her grade, encrypts the message twice, with the prof’s private key and with Penelope’s public key; the double encoded message is transmitted; the student decrypts it twice, with Penelope’s private key and with the prof’s public key, and reads her grade. Origin authentication and confidentiality but way too slow.

  18. Symmetric and PKE Combination (diagram) Sender: encrypts the clear text with a random AES key (AES encoded message) and encrypts the random AES key with the recipient’s public key. Receiver: decrypts the AES key with the recipient’s private key, then decrypts the AES encoded message with that AES key to recover the clear text.

  19. Message Hashing A message hash (or digest) is a mathematical representation of the message that has the following characteristics: • Uses a “one way” mathematical function • The full data set cannot be reproduced from the hash • No two data sets will result in the same hash • Used to determine if a message has been altered • Can be used with encrypted and nonencrypted data • Similar to an accounting check-sum control

  20. Message Hash and Digital Signatures Digital signatures are message digests (hashes) that are encrypted with the sender’s private key. The encrypted hash is sent with the message as the signature. Digital signatures: • Bind the message origin to the exact contents of the message • Establish sender authentication and message integrity (nonrepudiation)

  21. Digital Signature and Encryption for Confidentiality (diagram) Sender: calculates a digest of the clear text and encrypts it with the sender’s private key (encoded digest); encrypts the clear text with a random DES key (DES encoded message); encrypts the random DES key with the recipient’s public key. Receiver: decrypts the DES key with the recipient’s private key; decrypts the DES encoded message to recover the clear text; decrypts the encoded digest with the sender’s public key; re-calculates and verifies the digest.
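
Added example (not from the original presentation): the sign-and-verify flow of slides 19 to 21 in Python, standard library only, showing why a bare digest detects alteration only when it is bound to a private key. It assumes SHA-256 in place of the SHA-1 named on slide 6 (SHA-1 is no longer considered collision resistant) and a toy, unpadded RSA key built from two Mersenne primes; all names and sample messages are constructed for illustration, and production systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Toy key material (assumption for this example): two Mersenne primes give a
# modulus large enough to hold a SHA-256 digest. Not a secure choice of primes.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                   # public modulus
PHI = (P - 1) * (Q - 1)
E = 65537                                   # sender's public exponent
D = pow(E, -1, PHI)                         # sender's private exponent (Python 3.8+)
OTHER_D = pow(257, -1, PHI)                 # a different party's private exponent


def digest(message: bytes) -> int:
    """Message digest as an integer (slide 19)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Encrypt the digest with the signer's private key (slide 20).
    Textbook RSA without padding, for illustration only."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver side (slide 21): decrypt the signature with the sender's
    public key, re-calculate the digest of what arrived, and compare."""
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    original = b"Pay vendor 1042 the amount of $1,500.00"   # constructed sample
    altered = b"Pay vendor 1042 the amount of $9,500.00"    # constructed sample
    signature = sign(original)
    # A bare digest travels with the message, so whoever alters the message
    # can recompute it and the receiver's comparison still succeeds.
    recomputed_bare_digest = digest(altered)
    return {
        "genuine_verifies": verify(original, signature),
        "altered_with_old_signature": verify(altered, signature),
        "altered_bare_digest_still_matches": recomputed_bare_digest == digest(altered),
        "signed_with_other_private_key": verify(original, sign(original, d=OTHER_D)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the first and third checks come back true: the altered message fails against the old signature, and a signature made with another private key fails against the sender's public key.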

  22. Certificate Authorities Certificate authorities manage key pairs, verify key holders/users and issue digital certificates • VeriSign is the largest CA • Issues/revokes key certificates • Publishes certificate revocation lists (CRLs) • May issue various grades of certificates • Industry standard for a digital certificate is ITU-T X.509

  23. X.509 version 3 Certificate Format (diagram) • To-be-signed certificate: Version; Serial Number (counter of certificates issued by this CA); Signature Algorithm Identifier (algorithm object ID, optional parameters); Issuer (CA’s DN); Validity Period; Subject (user DN); Subject Public Key Info (algorithm object ID, optional parameters, public key); Extensions (extension object ID, criticality flag, extension value) • Signature algorithm identifier • Signature • DN = Distinguished Name

  24. General Certification Authority, Scenario A (diagram) • Public Certificate Authority: verify individual, issue certificate, maintain public key & certificate • Individual: generate own key pair, keep private key • Flows shown between the two: provide key generating software, proof of identification, certificate

  25. Key Management • Key generation • Key registration • Key escrow and recovery • Key updates and replacement • Key revocation and destruction

  26. Implications for the Accounting Profession Accountants need skills to understand • Confidentiality • Message Integrity • Authentication • Nonrepudiation • Access Controls • Internal Control and Risk Analysis
