## Lesson 12-Encryption

**Overview**
• Understand basic encryption concepts.
• Understand private key encryption.
• Understand public key encryption.
• Understand digital signatures.
• Understand key management.
• Understand trust in the system.

**Understand Basic Encryption Concepts**
• Encryption is simply the obfuscation of information in such a way so as to allow authorized individuals to see it, but to hide it from unauthorized individuals.
• Individuals having the appropriate key to decrypt the information are defined as authorized.

**Understand Basic Encryption Concepts**
Security Services with encryption:
• Confidentiality: Used to hide information from unauthorized individuals, either in transit or in storage.
• Integrity: Used to identify changes to information either in transit or in storage.
• Accountability: Used to authenticate the origin of information and prevent the origin of information from repudiating the fact that the information came from that origin.

**Understand Basic Encryption Concepts**
Encryption terms:
• Plaintext
• Ciphertext
• Algorithm
• Key
• Encryption

**Understand Basic Encryption Concepts**
Encryption terms (continued):
• Decryption
• Cryptography
• Cryptographer
• Cryptanalysis
• Cryptanalyst

**Understand Basic Encryption Concepts**
Encryption systems can be attacked in three ways:
• Through weaknesses in the algorithm.
• Through brute force against the key.
• Through weaknesses in the surrounding system.

**Understand Private Key Encryption**
Private key encryption:
• Requires all parties who are authorized to read the information to have the same key.
• Reduces the overall problem of protecting the information to one of protecting the key.
• Is the most widely used encryption.

**Understand Private Key Encryption**
• What is private key encryption?
• Substitution ciphers.
• One-time pads.
• Triple DES.
• Data encryption standard.
• Password encryption.

**What is Private Key Encryption?**
• Private key encryption is also known as symmetric key encryption because it uses the same key to encrypt information as is needed to decrypt.
• Private key encryption provides for the confidentiality of the information while it is encrypted.
• Only those who know the key can decrypt the message.

**What is Private Key Encryption?**
[Figure: Private key algorithm]

**Substitution Ciphers**
• Julius Caesar used a substitution cipher called the Caesar cipher.
• This cipher consists of replacing each letter with the letter three positions later in the alphabet.

**Substitution Ciphers**
• Substitution ciphers suffer from one primary weakness: the frequency of the letters in the original alphabet does not change.
• Further development of frequency analysis also shows that certain two- and three-letter combinations show up frequently.

**One Time Pads**
• The one-time pad (OTP) system is the only theoretically unbreakable encryption system.
• An OTP is a list of numbers, in a completely random order. It is used to encode a message.
• As its name implies, the OTP is only used once.
• OTPs are used (but only for short messages) in very high-security environments.

**Data Encryption Standard**
• The algorithm for the Data Encryption Standard (DES) was developed by IBM in the early 1970s.
• DES uses a 56-bit key. The key uses 7 bits of eight 8-bit bytes (the 8th bit of each byte is used for parity).
• DES is a block cipher that operates on one 64-bit block of plaintext at a time.
• There are 16 rounds of encryption in DES, where each round uses a different subkey.

**Data Encryption Standard**
[Figure: DES block diagram]

**Data Encryption Standard**
There are four modes of operation for DES:
• Electronic code book.
• Cipher block chaining.
• Cipher feedback.
• Output feedback.

**Triple DES**
[Figure: Triple DES functional diagram]

**Password Encryption**
• The standard Unix password encryption scheme is a variation of DES.
The password encryption function is actually a one-way function.
• Each user chooses a password. The algorithm uses the first eight characters of the password.

**Password Encryption**
• The system then chooses a 12-bit number based on the system time. This is called the salt.
• Most Unix systems now offer the option of using shadow password files for just this reason.

**The Advanced Encryption Standard: Rijndael**
• At the end of 2000, NIST announced that Joan Daemen and Vincent Rijmen, cryptographers from Belgium, had won the competition with their algorithm Rijndael.
• Rijndael is a block cipher that uses keys and blocks of 128, 192, or 256 bits. These key lengths make brute-force attacks computationally infeasible at this time.
• The algorithm consists of 10 to 14 rounds, depending on the size of the plaintext block and the size of the key.

**Other Private Key Algorithms**
There are several other private key algorithms available in various security systems. Among them are the following:
• The International Data Encryption Algorithm (IDEA) was developed in Switzerland. IDEA uses a 128-bit key and is also used in Pretty Good Privacy (PGP).
• RC5 was developed by Ron Rivest at MIT. It allows for variable length keys.

**Other Private Key Algorithms**
Private key algorithms (continued):
• Skipjack was developed by the United States government for use with the Clipper Chip. It uses an 80-bit key, which may be marginal in the near future.
• Blowfish allows for variable length keys up to 448 bits and was optimized for execution on 32-bit processors.

**Understand Public Key Encryption**
• Public key encryption is a more recent invention than private key encryption.
• The primary difference between the two types of encryption is the number of keys used in the operation.
• Private key encryption uses a single key to both encrypt and decrypt information.
• Public key encryption uses two keys.
One key is used to encrypt information and a different key to decrypt it.

**Understand Public Key Encryption**
• What is public key encryption?
• Diffie-Hellman key exchange.
• RSA.

**What is Public Key Encryption**
• The public key is published with information as to who is the owner.
• Another property of public key encryption is that if you have one of the keys of a pair, you cannot compute the other key.
• If confidentiality is desired, encryption is performed with the public key.

**What is Public Key Encryption**
[Figure: Public key encryption]

**Diffie-Hellman Key Exchange**
• The Diffie-Hellman key exchange was developed to solve the problem of key distribution for private key encryption systems.
• The idea was to allow a secure method of agreeing on a private key without the expense of sending the key through another method.

**Diffie-Hellman Key Exchange**
Functioning of the Diffie-Hellman algorithm:
• Assume we have two people who need to communicate securely and thus need to agree on an encryption key.
• P1 and P2 agree on two large integers $a$ and $b$ such that $1 < a < b$.
• P1 then chooses a random number $i$ and computes $I = a^i \bmod b$. P1 sends $I$ to P2.

**Diffie-Hellman Key Exchange**
Functioning of the Diffie-Hellman algorithm (continued):
• P2 then chooses a random number $j$ and computes $J = a^j \bmod b$. P2 sends $J$ to P1.
• P1 computes $k_1 = J^i \bmod b$.
• P2 computes $k_2 = I^j \bmod b$.
• We have $k_1 = k_2 = a^{ij} \bmod b$ and thus $k_1$ and $k_2$ are the secret keys to use for the other transmission.

**RSA**
• In 1978, Ron Rivest, Adi Shamir, and Len Adleman released the Rivest-Shamir-Adleman (RSA) public key algorithm.
• Unlike the Diffie-Hellman algorithm, RSA can be used for encryption and decryption.
• Also unlike Diffie-Hellman, the security of RSA is based on the difficulty of factoring large numbers.

**RSA**
The basic algorithm for confidentiality is very simple:
• $\text{ciphertext} = (\text{plaintext})^e \bmod n$
• $\text{plaintext} = (\text{ciphertext})^d \bmod n$
• private key = $\{d, n\}$
• public key = $\{e, n\}$
The difficulty in calculating $d$ given $e$ and $n$ provides the security.

**Generating RSA keys**
To generate an RSA key pair, follow these steps:
• Choose two prime numbers $p$ and $q$ and keep them secret.
• Calculate $n = pq$.
• Calculate $\varphi(n) = (p - 1)(q - 1)$.
• Select $e$ such that $e$ is relatively prime to $\varphi(n)$.
• Determine $d$ such that $d \cdot e \equiv 1 \pmod{\varphi(n)}$ and $d < \varphi(n)$.

**Understand Digital Signatures**
• A digital signature is a method of authenticating electronic information using encryption.
• Digital signatures protect information from modification after it has been received and decrypted.

**Understand Digital Signatures**
• Digital signatures put information through a hash function to create a checksum that is encrypted with a private key and travels with the information.
• This checksum can be used to verify that the information was not modified.

**Understand Digital Signatures**
• The security and usefulness of a digital signature depend on the protection of the user’s private key and a secure hash function.
• A hash function is secure if:
  • the function is one-way, and
  • it is difficult to construct two pieces of information that provide the same checksum when run through the function.

**Understand Digital Signatures**
• Secure hash functions should create a checksum of at least 128 bits.
• The two most common hash functions are MD5 and SHA.

**Understand Digital Signatures**
[Figure: Digital signature operation]

**Understand Key Management**
• Key management is one of the most critical aspects of an encryption system.
• It includes creating strong keys, distributing them securely, certifying them correct, protecting them while in use, and revoking them when they are compromised or expired.
• Most encryption systems have a method for users to generate keys; in many cases, the user chooses a password.

**Understand Key Management**
• Keys must be transported securely to ensure the integrity of the keys.
• If keys are transmitted, they must be checked on arrival to ensure they have not been manipulated (usually done manually or by digital signatures).

**Understand Key Management**
• Certificate Authorities (CAs) ensure the integrity of the keys and prevent an attacker from introducing their own keys.
• Public keys require integrity protection (provided by certification), but they do not require confidentiality protection. However, all copies of the private key of a public key system must be protected at all times.

**Understand Key Management**
• Session keys may only exist for a given session and may be deleted after the session.
• Public key pairs are generally certified for one or two years.
• If a key is lost or compromised, the owner of the key should inform users that it is not to be used.
• In the case of a public key encryption system, the owner must post the revocation to all of the potential key servers.

**Understand trust in the System**
• Trust is the underlying concept of all security and encryption.
• There are two primary models that are used for trust:
  • Hierarchical trust
  • Web of trust

**Understand trust in the System**
• The Hierarchical Trust model is based on a chain of authority, in which you trust someone if someone higher up in the chain certifies it.
• The Hierarchical Trust model is complicated to put into practice because there is no real root-level CA.
• Establishing an internal CA and public key infrastructure for a business is a challenging task that demands a lot of resources.

**Understand trust in the System**
• The Web of Trust model was first used by Pretty Good Privacy (PGP).
• It is based on the concept that each user certifies their own certificate and passes that certificate off to known associates.
• The primary advantage is that there is no large investment in infrastructure.
• The primary disadvantage is a lack of scalability.

**Summary**
• Encryption is simply the obfuscation of information in such a way so as to allow authorized individuals to see it, but to hide it from unauthorized individuals.
• Private key encryption requires all parties authorized to read the information to have the same key.
• Public key encryption uses two keys. One key is used to encrypt information and another key is used to decrypt it.

**Summary**
• A digital signature is a method of authenticating electronic information using encryption.
• Key management includes creating strong keys, distributing them securely, certifying that they are correct, protecting them while they are in use, and revoking them when they are compromised or expired.
• There are two primary models that are used for trust: Hierarchical Trust and Web of Trust.
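
The Diffie-Hellman exchange from the slides, written out with the deck's own symbols (a, b, i, j, I, J, k1, k2), as an added example that is not part of the original presentation. The 127-bit prime, the base 3, the range check on received values and the SHA-256 step that turns the shared number into a key are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy public parameters (assumption, not from the slides): b is the Mersenne
# prime 2^127 - 1 and a is a small base with 1 < a < b. Real deployments use
# standardized groups of 2048 bits or more.
b = 2**127 - 1
a = 3

def keypair():
    """Pick a random secret exponent x and compute the public value a^x mod b."""
    x = secrets.randbelow(b - 3) + 2          # secret in [2, b - 2]
    return x, pow(a, x, b)

def check_public(value):
    """Reject degenerate received values that would force a predictable key."""
    if not 1 < value < b - 1:
        raise ValueError("public value out of range")
    return value

def shared_key(own_secret, peer_public):
    """Compute peer_public^own_secret mod b and hash it into a 256-bit key."""
    k = pow(check_public(peer_public), own_secret, b)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()

def exchange():
    i, I = keypair()           # P1 keeps i secret and sends I = a^i mod b
    j, J = keypair()           # P2 keeps j secret and sends J = a^j mod b
    k1 = shared_key(i, J)      # P1 computes J^i mod b
    k2 = shared_key(j, I)      # P2 computes I^j mod b
    return k1, k2

if __name__ == "__main__":
    k1, k2 = exchange()
    print("keys match:", k1 == k2)
```

Only a, b, I and J cross the wire; i, j and the derived key never do.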
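
The key-generation steps from the "Generating RSA keys" slide and the hash-then-private-key signature from the digital signature slides, as an added example that is not part of the original presentation. It is textbook RSA with no padding, for study only; Miller-Rabin prime generation, e = 65537, SHA-256 and all function names are assumptions made for this sketch.

```python
import hashlib
import math
import secrets

def is_probable_prime(n, rounds=40):   # Miller-Rabin (an assumed choice)
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:                  # write n - 1 as d * 2^r with d odd
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # witness found: n is composite
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(c):
            return c

def generate_keypair(bits=512, e=65537):
    """Slide steps: p, q -> n = pq -> phi(n) -> e coprime to phi(n) -> d."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, n), (pow(e, -1, phi), n)   # public {e, n}, private {d, n}

def apply_key(value, key):   # value^e mod n (public) or value^d mod n (private)
    exponent, n = key
    return pow(value, exponent, n)

def digest(message, n):      # SHA-256 checksum of the message as an integer
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):  # hash the message, then apply the private key
    return apply_key(digest(message, private[1]), private)

def verify(message, signature, public):
    return apply_key(signature, public) == digest(message, public[1])
```

Encrypting is `apply_key(m, public)` and decrypting is `apply_key(c, private)`, matching the two formulas on the RSA slide.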