5th Session Slides
5th Session Slides
Chapter 1: Cryptography
1
Communications Security and Authentication
Secure Communication Needs and Requirements
Cryptography is the science of secret, or hidden writing, It has two main Components:
4
Cryptography Basics
Key A Key A
Encryption algorithms are standardized & published, the key which is an input to the algorithm is
secret Key is a string of numbers or characters:
• If same key is used for encryption & decryption the algorithm is called Symmetric
• If different keys are used for encryption & decryption the algorithm is called Asymmetric
5
Encryption - Symmetric Algorithms
• Algorithms in which the key for encryption and decryption are the same are Symmetric
6
Symmetric Encryption - Key Strength
Send to Recipient
Encrypted
Cipher Key
(RSA)
Session Key
A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage,
distribute, use, store and revoke digital certificates and manage public-key encryption.
Cryptographic hash function
• Is a mathematical algorithm that maps data of any size to a fixed size ("hash value",
"hash", or "message digest"). It is a one-way function, that is, a function which is
practically infeasible to invert. Cryptographic hash functions are a basic tool of modern
cryptography.
• It is deterministic, meaning that the same message always results in the same hash
• It is quick to compute the hash value for any given message
• It is infeasible to find two different messages with the same hash value
• A small change to a message should change the hash value so extensively that the new
hash value appears uncorrelated with the old hash value.
Cryptographic hash function MD5 sample
Hashing Messages/Message Digests
Message
Message Digest
Digest
Algorithm
Authentication Basics
Walid’s
Walid’s Public Key
Private
Key
Message Message
Sent to Sent to
Receiver Receiver
Message
Sent to Digital Digital
Signature Signature Signature Signature Message is 100%
Mohamed confirmed to be
From Algorithm Sent to Sent to Algorithm
from Walid
Walid Receiver Receiver
Mohamed/The Receiver/Verifier
Walid/Sender
Mixing Hashing with/Digital Signatures
• A digital signature is a data item which accompanies or is logically associated with a digitally
encoded message.
• It has two goals
1. A guarantee of the source of the data
2. Proof that the data has not been tampered with
Sender’s Sender’s
Private Key Public Key
Message Digest Digest Message
Sent to Algorithm Algorithm Digest
Receiver
Same?
Digital
Message Signature Signature Signature Message
Digest Algorithm Sent to Algorithm Digest
Receiver
Sender Receiver
Authentication/Digital Signatures
Data Integrity/Digest Algorithm
Message
Message Digest Message
Walid’s From Walid’s
From Algorithm Digest
Private Key Walid Public Key
Walid To Ahmed
Digest
To Ahmed
Algorithm
Message wasn’t
Same? altered in transit
Message 100%
from Walid
Sender Receiver/Verifier
Asymmetric Encryption Protocols
• Set of rules that governs the communication of data related to authentication between the server and
the user
• Techniques used to build a protocol are
• Transformed password Hash
• Password transformed using one way function before transmission
• Prevents eavesdropping but not replay
• Challenge-response
• Server sends a random value (challenge) to the client along with the authentication request. This must be
included in the response
• Protects against replay
• One-time password
• New password obtained by passing user-password through one-way function n times which keeps
incrementing
• Protects against replay as well as eavesdropping
Authentication Biometrics