1 / 52

Encryption, Cryptography and Network Security

Encryption, Cryptography and Network Security. Cyber Security . What is encryption?. A process that converts original information, also called plain text into a difficult-to-interpret form called ciphertext .

kamuzu
Download Presentation

Encryption, Cryptography and Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encryption, Cryptography and Network Security Cyber Security

  2. What is encryption? • A process that converts original information, also called plain text into a difficult-to-interpret form called ciphertext. • Done by using an encryption algorithm, a formula used to turn plain text into ciphertext. • Two types: Asymmetric and Symmetric

  3. Asymmetric Encryption

  4. Symmetric Encryption

  5. Which one is better? • Although, symmetric encryption is fast, it is not as safe as asymmetric encryption because someone could “steal” the key and decode the messages. But because of its speed, it's commonly used for e-commerce transactions. • Asymmetric encryption is more complex--and more secure. Asymmetric encryption's added safety comes at a price: More computation is required, so the process takes longer. (several orders or magnitude longer)

  6. Who’s using encryption? • If you use a computer and the internet, you’re using encryption! • Enables all organizations regardless of their size, to be both user-and-IT friendly.

  7. Why use encryption? • Authentication • Protects personal data such as passwords. • Privacy • Provides for confidentiality of private information. • Integrity • Ensures that a document or file has not been altered. • Accountability • Prevents denial or plagiarism.

  8. Examples of Encryption • Web browser encryption • Email encryption • Hard drive encryption • Operating system protection

  9. What is cryptography? • “hidden writing” • Until recently: military tool • Like any military technology: methods change over time • Two sides: • designing codes • breaking codes (cryptanalysis) • Computers have changed both

  10. How do we encrypt? • Protocol, or scheme: method of encryption • Cryptovariable, or key:secret information • Symmetric Encryption: protocol is reversible! The method is the same for encryption and decryption. plaintext protocol ciphertext cryptovariable

  11. Example: Caesar Shift • Protocol: shift each letter by the same amount • Cryptovariable: amount to shift • Decryption: shift back the same amount IBM HAL -1 Veni, vidi, vici Foxs, fsns, fsms

  12. Substitution Cipher • Allow any permutation of the alphabet • Key = permutation; 26! possibilities • 26! = 403,291,461,126,605,635,584,000,000 • Roughly 288: checking 1 billion per second, would take 12 billion years • Is there a better way? • al-Kindi, ninth century: frequency analysis

  13. A harder example • Shorter = less information • R occurs 10 times, A occurs 9 times • (all others occur 4 or fewer times) • Telegraph style; fewer short words YIRLAZ MRACIRB CR PKORI CRP: MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  14. A harder example E E E E E E YIRLAZ MRACIRB CR PKORI CRP: E E E E MRPPVAMQAY MRLACZRGA, VAYQAVW RA E doesn’t begin any common 2-letter words

  15. A harder example O O O O O O YIRLAZ MRACIRB CR PKORI CRP: O O O O MRPPVAMQAY MRLACZRGA, VAYQAVW RA A occurs 9 times. What could it be?

  16. A harder example O N ON O O O O YIRLAZ MRACIRB CR PKORI CRP: O N N O N O N N N ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  17. A harder example O N ONT O TO O TO YIRLAZ MRACIRB CR PKORI CRP: O N N O NT O N N N ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  18. A harder example G O N ONT O TO O TO YIRLAZ MRACIRB CR PKORI CRP: O N ING O NT O N NGIN ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  19. A harder example GROUND CONTROL TO MAJOR TOM: YIRLAZ MRACIRB CR PKORI CRP: COMMENCING COUNTDOWN, ENGINES ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  20. The perfect cryptosystem • One-time pad: encrypt each letter with its own key • Example: Caesar shift each letter separately • Ci= Pi + Ki (mod 26) • To encrypt n bits, use n bits of key • This uses up lots of key bits; need to prearrange • How do you generate key bits?

  21. Enigma Machine • German cryptosystem in World War II • Same idea: modify letters • Scrambler disks implement permutation • Rotate after each letter, so many different permutations used • Additional permutation provided by plugboard

  22. Enigma Machine • German cryptosystem in World War II • Same idea: modify letters • Scrambler disks implement permutation • Rotate after each letter, so many different permutations used • Additional permutation provided by plugboard

  23. Enigma Machine

  24. Enigma Key • Key changed daily • 3 scramblers in one of 6 orders • In 1938: 3 of 5, so 60 arrangements • 263 = 17,576 settings for scramblers • Billions of plugboard settings • Alan Turing: bypassed plugboard • Used known plaintext, exhausted over space • British were able to read traffic

  25. Navajo Code Talkers • Americans in the Pacific during WWII • Each troop had one Navajo • Even after figuring out system, Japanese couldn’t break it • Like a one-time pad: prearranged secret is a whole language • May not be feasible today

  26. Modern Symmetric Cryptography • Assume the protocol is known to the enemy • Only the key is secret • Encryption, cryptanalysis use computers • Operate on bits, rather than letters • DES, AES • Open standards; let everyone try to break it • Closed design often fails (cell phones) • Don’t try this in-house

  27. Key Distribution • Secure communication requires a key • How do you exchange keys securely? • Military: codebooks in field could fall into enemy hands • Commerce: might not meet face-to-face • Seems to be a Catch-22

  28. Paradigm Shift • Alice wants to mail Bob a letter securely • If they share a “key”, Alice locks, Bob unlocks • If not: Alice puts on padlock, sends box to Bob • Bob adds his padlock, sends box back to Alice • Alice removes her padlock, sends box to Bob • Bob unlocks box, reads letter • Problem: how to translate this to mathematics

  29. Paradigm Shift Alice, Bob agree on information Y Bob computes B(Y) Mails it to Alice Alice computes A(Y) Mails it to Bob Bob computes B(A(Y)) Alice computes A(B(Y)) A(B(Y)) = B(A(Y)) = secret key “Eve” knows Y, A(Y), B(Y), but can’t compute key Problem: how do you make A(B(Y)) = B(A(Y))?

  30. Diffie-Hellman-Merkle (1976) • Modular Arithmetic • Choose Y, modulus p • Alice’s function is YA (mod p) • Bob’s function is YB (mod p) • Key is YAB= YBA(mod p) • Eve can’t compute YAB from Y, YA, YB • We think (no one can prove it) • One problem: must communicate to get key

  31. One-way Functions • Easy to compute, hard to reverse • Example: f (A) = YA (mod p) • f -1(YA) is called “discrete log” • Hard to compute (we think) • Could always do exhaustive search • Here, there are p-1 choices

  32. Cryptographic Primitives • Building blocks for algorithms • Example: one-way functions • Protocols built out of primitives • Example: Diffie-Hellman-Merkle • Protocols built out of other protocols • Example: • 1. Use Diffie-Hellman to exchange key • 2. Use symmetric encryption, key to encode message • Good, “modular” design

  33. Trapdoor one-way functions • Another useful primitive • f (X) is easy to compute • f -1(Y) is hard for most people to compute • But: easy to compute if you know a secret • There are trapdoor one-way functions • Found by Rivest-Shamir-Adleman, 1977 • Rely on difficulty of factoring large integers

  34. Idea behind public key • Bob publishes design specs for a padlock • Alice wants to send Bob a box • Alice builds a Bob padlock, locks the box • Bob unlocks box using his key • Eve intercepts box, knows design specs • Goal: Eve still can’t build a key • Padlock = trapdoor one-way function

  35. Public Key Cryptography • Alice wants to talk to Bob: computes key X • Alice sends Bob fB(X) (Bob’s function) • Bob computes fB-1 (fB(X)) = X • Both Alice and Bob know X, use as key for symmetric encryption • Eve knows fB(X); can’t compute X • Asymmetric encryption • Whitfield Diffie, 1975

  36. + K (m) - + m = K (K (m)) B B B Public Key Cryptography + Bob’s public key K B - Bob’s private key K B encryption algorithm decryption algorithm plaintext message plaintext message, m ciphertext

  37. RSA: Choosing Keys • Choose two large prime numbers p, q. (e.g., 1024 bits each) • Compute n = pq, z = (p-1)(q-1) • Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). • Choose d such that ed-1 is exactly divisible by z(in other words: ed mod z = 1 ). • Public key is (n,e) . Private key is (n,d).

  38. RSA: Encryption, decryption • Given (n,e) and (n,d) as computed before • To encrypt bit pattern, m, compute: • c = me mod n • To decrypt received bit pattern, c, compute • m = cd mod n

  39. e c = m mod n d d c m = c mod n RSA example • Bob chooses p=5, q=7. Then n=35, z=24. • e=5 (so e, z relatively prime). • d=29 (so ed-1 exactly divisible by z. e m m letter encrypt: l 17 1524832 12 c letter decrypt: 17 12 l 481968572106750915091411825223071697

  40. Digital Signature Scheme • Alice wants to send Bob a message, sign it • Alice sends Bob X and S = fA-1 (X) • Bob checks that fA(S) = X • Therefore Bob knows that S = fA-1 (X) • Only Alice can compute fA-1 (X) easily, so Alice must have sent the message • Same primitive, new protocol

  41. Revolution • New ideas made cryptography an option for commerce • PCs gave everyone computing power • Zimmerman’s PGP: gave everyone access • SSL in web browsers

  42. Quantum Computation • Computers revolutionized cryptographic design and cryptanalysis • Quantum computers may one day do the same • Quantum key exchange: guaranteed secure • A quantum computer could factor large integers in polynomial time • We may never live to see one

  43. Symmetric Cryptography DES (Data Encryption Standard) • US encryption standard [NIST 1993] • 56-bit symmetric key, 64-bit plaintext input • How secure is DES? • DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months • no known “backdoor” decryption approach • making DES more secure: • use three keys sequentially (3-DES) on each datum • use cipher-block chaining

  44. Symmetric Cryptography: DES (Data Encryption Standard) • DES Operations • 1) initial permutation • 2) 16 identical “rounds” of function application, each using different 48 bits of key • 3) final permutation

  45. Symmetric Cryptography: AES (Advanced Encryption Standard) • new (Nov. 2001) symmetric-key NIST standard, replacing DES • processes data in 128 bit blocks • 128, 192, or 256 bit keys • brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

  46. Trusted Intermediaries • Symmetric key problem: • How do two entities establish shared secret key over network? • trusted key distribution center (KDC) acting as intermediary between entities • Public key problem: • When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? • trusted certification authority (CA)

  47. Certification Authorities • Certification authority (CA): binds public key to particular entity, E. • E (person, router) registers its public key with CA • E provides “proof of identity” to CA. • CA creates certificate binding E to its public key. • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” • When Alice wants Bob’s public key: • gets Bob’s certificate (Bob or elsewhere). • apply CA’s public key to Bob’s certificate, get Bob’s public key

  48. Certificates contain… - -Serial number (unique to issuer) - info about certificate owner, including algorithm and key value itself (not shown) -info about certificate issuer -valid dates -digital signature by issuer

  49. Pretty good privacy (PGP) • Internet e-mail encryption scheme, de-facto standard. • uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. • provides secrecy, sender authentication, integrity. • inventor, Phil Zimmerman, was target of 3-year federal investigation. ---BEGIN PGP SIGNED MESSAGE--- Hash: SHA1 Bob:My husband is out of town tonight.Passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE---

  50. Secure sockets layer (SSL) • transport layer security to any TCP-based app using SSL services. • used between Web browsers, servers for e-commerce • security services: • server authentication • data encryption • client authentication (optional) • server authentication: • SSL-enabled browser includes public keys for trusted CAs. • Browser requests server certificate, issued by trusted CA. • Browser uses CA’s public key to extract server’s public key from certificate. • check your browser’s security menu to see its trusted CAs.

More Related