Scribd
Upload
43 views28 pages

5th Session Slides

This document provides an overview of cryptography and data security concepts. It discusses the needs for secure communication like secrecy during wartime or for business transactions. Cryptography ensures secrecy through encryption, and authentication by validating the identity of users. Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses different public and private keys. Symmetric algorithms like AES and RC4 are faster but key distribution is an issue. Asymmetric algorithms like RSA use a key pair and digital certificates to avoid man-in-the-middle attacks. Cryptographic hash functions and digital signatures provide message integrity and authentication.

Uploaded by

Mohamed Abbas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPSX, PDF, TXT or read online on Scribd
43 views28 pages

5th Session Slides

This document provides an overview of cryptography and data security concepts. It discusses the needs for secure communication like secrecy during wartime or for business transactions. Cryptography ensures secrecy through encryption, and authentication by validating the identity of users. Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses different public and private keys. Symmetric algorithms like AES and RC4 are faster but key distribution is an issue. Asymmetric algorithms like RSA use a key pair and digital certificates to avoid man-in-the-middle attacks. Cryptographic hash functions and digital signatures provide message integrity and authentication.

Uploaded by

Mohamed Abbas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPSX, PDF, TXT or read online on Scribd
You are on page 1/ 28

Module 3: Data Security & Privacy

Chapter 1: Cryptography

1
Communications Security and Authentication
Secure Communication Needs and Requirements

Needs for secure communication:


• War time communication
• Business transactions
Requirements of secure communication
1. Secrecy
– Only intended receiver understands the message
2. Authentication
– Sender and receiver need to confirm each other's identity
3. Message Integrity
– Ensure that their communication has not been altered, either maliciously or by accident
during transmission
Cryptography Basics

Cryptography is the science of secret, or hidden writing, It has two main Components:

Encryption & Secrecy


– Practice of hiding messages so that they can not be read by anyone other than the intended recipient

Authentication & Integrity


– Ensuring that users of data/resources are the persons they claim to be and that a message has not been
stealthily altered

4
Cryptography Basics

Plain Text Encryption Cipher Text Decryption Plain Text


Algorithm Algorithm

Key A Key A

Encryption algorithms are standardized & published, the key which is an input to the algorithm is
secret Key is a string of numbers or characters:
• If same key is used for encryption & decryption the algorithm is called Symmetric
• If different keys are used for encryption & decryption the algorithm is called Asymmetric
5
Encryption - Symmetric Algorithms

• Algorithms in which the key for encryption and decryption are the same are Symmetric

• Types of Symmetric Algorithms:


1. Block Ciphers
– Encrypt data one block at a time (typically 64 bits, or 128 bits)
– Used for a large amounts of Data
2. Stream Ciphers
– Encrypt data one bit or one byte at a time
– Used if data is a constant stream of information

6
Symmetric Encryption - Key Strength

Strength of algorithm is determined by the size of the key


• The longer the key the more difficult it is to crack
Key length is expressed in bits
• Typical key sizes vary between 48 bits and 448 bits
Set of possible keys for a cipher is called key space
• For 40-bit key there are 240 possible keys
• For 128-bit key there are 2128 possible keys
To crack the key the hacker has to use brute-force
(i.e., try all the possible keys till a key that works is found)
• Supercomputer can crack a 56-bit key in 14 hours
• It will take 272 times longer to crack a 128-bit key
(Longer than the age of the universe)
Data Encryption Standard (DES) Basics

DES is a block Cipher Algorithm uses 56 bits Key Length

• Encodes plaintext in 64 bit chunks


It is the most used algorithm
• Standard approved by US National Bureau of Standards for Commercial and nonclassified US
government use in 1993
Data Encryption Standard (DES) Basics

• DES run in reverse to decrypt


• Cracking DES
• 1997: 140 days
• 1999: 14 hours
• TripleDES uses DES 3 times in tandem
• Output from 1 DES is input to next DES
Symmetric Encryption Algorithm Summary

Algorithm Type Key Size Features

DES Block Cipher 56 bits Most Common, Not strong


enough
TripleDES Block Cipher 168 bits Modification of DES,
(112 Adequate Security
effective)
Blowfish Block Cipher Variable Excellent Security
(Up to 448
bits)
AES Block Cipher Variable Replacement for DES,
(128, 192, or Excellent Security
256 bits)
RC4 Stream Cipher Variable Fast Stream Cipher, Used
(40 or 128 in most SSL
bits) implementations
Symmetric Encryption Pros & Cons

Very fast and not resource intensive:


Preferred for encrypting large amounts of data

Key Exchange is a challenge:


Any exposure to the secret key compromises secrecy of ciphertext
A key needs to be delivered to the recipient of the coded message for it to be deciphered
Potential for eavesdropping attack during transmission of key
Asymmetric Encryption Basics

Uses a pair of keys for encryption


• Public key for encryption
• Private key for decryption
Messages encoded using public key can only be decoded by the private key
• Secret transmission of key for decryption is not required
• No exchange of secret keys -Man-in-the middle attack avoided
• Every entity can generate a key pair and release its public key

Plain Text Cipher Text Plain Text


Cipher Cipher

Public Key Private Key


What is a Digital Certificate?

Digital certificates are electronic credentials


that bind the identity of the certificate owner to a
pair of electronic encryption keys, (one public
and one private), that can be used to encrypt
and sign information digitally. ... All the receiver
would know is that a valid key pair was used
What is a Digital Certificate?
What is a Digital Certificate?
Asymmetric Encryption algorithm Types

Two most popular algorithms are RSA & El Gamal


• RSA
• Developed by Ron Rivest, Adi Shamir, Len Adelman
• Both public and private key are interchangeable
• Variable Key Size (512, 1024, or 2048 bits)
• Most popular public key algorithm
• El Gamal
• Developed by Taher ElGamal
• Variable key size (512 or 1024 bits)
• Less common than RSA, used in protocols like PGP
Asymmetric Encryption Session-Key Encryption

• Used to improve efficiency


• Symmetric key is used for encrypting data
• Asymmetric key is used for encrypting the symmetric key

Plain Text Cipher Cipher Text


(DES)

Send to Recipient

Encrypted
Cipher Key
(RSA)
Session Key

Recipient’s Public Key


Public Key Infrastructure

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage,
distribute, use, store and revoke digital certificates and manage public-key encryption.
Cryptographic hash function

• Is a mathematical algorithm that maps data of any size to a fixed size ("hash value",
"hash", or "message digest"). It is a one-way function, that is, a function which is
practically infeasible to invert. Cryptographic hash functions are a basic tool of modern
cryptography.
• It is deterministic, meaning that the same message always results in the same hash
• It is quick to compute the hash value for any given message
• It is infeasible to find two different messages with the same hash value
• A small change to a message should change the hash value so extensively that the new
hash value appears uncorrelated with the old hash value.
Cryptographic hash function MD5 sample
Hashing Messages/Message Digests

• A message digest is a fingerprint for a document


• Purpose of the message digest is to provide proof that a message has not altered
• Process of generating a message digest from data is called hashing
• Commonly used hash algorithms are
• MD5 – 128 bit hashing algorithm by Ron Rivest of RSA
• SHA & SHA-1 – 162 bit hashing algorithm developed by NIST

Data Hashing Hash


Algorithm

Message
Message Digest
Digest
Algorithm
Authentication Basics

• Authentication is the process of validating the identity of a User/a Message Sender.


• The Public Key Infrastructure technology that provide authentication is called Digital Signature.
• Digital Signature Process similar to the Public Key Asymmetric/Cryptography.

Walid’s
Walid’s Public Key
Private
Key
Message Message
Sent to Sent to
Receiver Receiver

Message
Sent to Digital Digital
Signature Signature Signature Signature Message is 100%
Mohamed confirmed to be
From Algorithm Sent to Sent to Algorithm
from Walid
Walid Receiver Receiver

Mohamed/The Receiver/Verifier
Walid/Sender
Mixing Hashing with/Digital Signatures

• A digital signature is a data item which accompanies or is logically associated with a digitally
encoded message.
• It has two goals
1. A guarantee of the source of the data
2. Proof that the data has not been tampered with
Sender’s Sender’s
Private Key Public Key
Message Digest Digest Message
Sent to Algorithm Algorithm Digest
Receiver

Same?

Digital
Message Signature Signature Signature Message
Digest Algorithm Sent to Algorithm Digest
Receiver

Sender Receiver
Authentication/Digital Signatures
Data Integrity/Digest Algorithm

Message
Message Digest Message
Walid’s From Walid’s
From Algorithm Digest
Private Key Walid Public Key
Walid To Ahmed
Digest
To Ahmed
Algorithm
Message wasn’t
Same? altered in transit

Digitally Digitally Message


Signature Signed Signed Signature Digest
Message
Algorithm Message Message Algorithm
Digest
Digest Digest

Message 100%
from Walid

Sender Receiver/Verifier
Asymmetric Encryption Protocols

• Pretty Good Privacy (PGP)


• Used to encrypt e-mail using session key encryption
• Combines RSA, TripleDES, and other algorithms
• Secure/Multipurpose Internet Mail Extension (S/MIME)
• Newer algorithm for securing e-mail
• Backed by Microsoft, RSA, AOL
• Secure Socket Layer(SSL) and Transport Layer Socket(TLS)
• Used for securing TCP/IP Traffic
• Mainly designed for web use
• Can be used for any kind of internet traffic
Password Authentication Basics

• Password is secret character string only known to user and server


• Password Hash is commonly used for password authentication
• Stored hash of the password is a lesser risk
• Hacker can not reverse the hash
• Problems with password-based authentication
• Attacker learns password by social engineering
• Attacker cracks password by brute-force and/or guesswork
• Eavesdrops password if it is communicated unprotected over the network
• Replays an encrypted password back to the authentication server
Authentication Protocols Basics

• Set of rules that governs the communication of data related to authentication between the server and
the user
• Techniques used to build a protocol are
• Transformed password Hash
• Password transformed using one way function before transmission
• Prevents eavesdropping but not replay
• Challenge-response
• Server sends a random value (challenge) to the client along with the authentication request. This must be
included in the response
• Protects against replay
• One-time password
• New password obtained by passing user-password through one-way function n times which keeps
incrementing
• Protects against replay as well as eavesdropping
Authentication Biometrics

Uses certain biological characteristics for authentication


• Biometric reader measures physiological indicia and compares them to specified values
• It is not capable of securing information over the network
Different techniques exist
• Fingerprint Recognition
• Voice Recognition
• Handwriting Recognition
• Face Recognition
• Retinal Scan
• Hand Geometry Recognition

You might also like