Create Presentation
Download Presentation

Download Presentation
## Symmetric versus Asymmetric Cryptography

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Why is it worth presenting cryptography?**• Top concern in security • Fundamental knowledge in computer security • A review for those who have taken the course Computer Security (and Integrity) • A need for those who have not**Symmetric**Alice and Bob agree on a cryptosystem Alice and Bob agree on a key Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message Alice sends the ciphertext message to Bob Bob decrypts the ciphertext message with the same algorithm and key and reads it Asymmetric Alice and Bob agree on a public-key cryptosystem Bob sends Alice his public key Alice encrypts her message using Bob’s public key and sends it to Bob Bob decrypts Alice’s message using his private key Two kinds ofCryptography**Symmetric**Keys must be distributed in secret If a key is compromised, Eve (eavesdropper) can decrypt any message pretend to be one of the parties A network requires a great number of keys Asymmetric slow (~1000 times slower than the symmetric) vulnerable to chosen-plaintext attacks Problems**Public-key algorithms**• are not a substitute for symmetric algorithms • are not used to encrypt messages, they are used to encrypt keys (session keys used with symmetric algorithms to secure message traffic)**Hybrid Cryptosystems**• Bob sends Alice his public key. • Alice generates a random session key, K, encrypts it using Bob’s public key, and sends it to Bob. EB(K) • Bob decrypts Alice’s message using his private key to recover the session key. DB(EB(K)) = K • Both of them encrypt their communications using the same session key.**Symmetric**Alice encrypts her message to Bob with KA and sends it to Trent Trent decrypts the message with KA Trent takes the decrypted message and a statement that he has received this message from Alice, and encrypts the whole bundle with KB Trent sends the encrypted bundle to Bob Bob decrypts the bundle with KB. He can now read both the message and Trent’s certification that Alice sent it Asymmetric Alice encrypts the document with her private key, thereby signing the document Alice sends the signed document to Bob Bob decrypts the document with Alice’s public key, thereby verifying the signature Signing Documents**Digital Signatures with Encryption**• Alice signs the message with her private key SA(M) • Alice encrypts the signed message with Bob’s public key and sends it to Bob EB(SA(M)) • Bob decrypts the message with his private key DB(EB(SA(M))) = SA(M) • Bob verifies with Alice’s public key and recovers the message VA(SA(M)) = M**Bob signs the message with his private key, encrypts it with**Alice’s public key, and sends it back to Alice EA(SB(M)) If Mallory captures the message that Alice sent to Bob and claims that it came from him VM(SA(M)) = ? Bob still sends Mallory a receipt: EM(SB(VM(SA(M)))) = EM(DB(EM(DA(M)))) Mallory can read the message M by using his private key and public keys of Alice and Bob. Problem with resendingthe message as a Receipt**Attacks againstPublic-key Cryptography**• How Alice gets Bob’s public key? • from secure database • How to protect the public key? • database is read-only to everyone, only writable to Trent • Trent can sign each public key by his own private key (Key Certification Authority or Key Distribution Center)**Conclusion**• No perfect method • each has its own weaknesses • be aware of being attacked • Good to combine different methods**Reference**[1] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. Introduction to Algorithms. MIT Press and McGraw-Hill, 2001. ISBN 0-262-03293-7. Section 31.7: The RSA public-key cryptosystem, pp.881–887 [2] Bruce Schneier. Applied Cryptography. John Wiley & Sons, Inc. 1996. (ISBN: 0471128457)