Cryptography Basics




Cryptography
•   History
•   Basic terminologies
•   Symmetric key encryption
•   Asymmetric key encryption
•   Public Key Infrastructure



History
• 50 B.C.    Julius Caesar uses cryptographic
             technique
•   400 A.D. Kama Sutra in India mentions
              cryptographic techniques
•   1250     British monk Roger Bacon
             describes simple ciphers
•   1466     Leon Alberti develops a cipher
             disk
•   1861     Union forces use a cipher during Civil
             War
History
• 1914   World War I – British, French, and
         German forces use encryption
         technology
• 1917   William Friedman, Father of U.S.
          encryption efforts, starts a school
          for teaching cryptanalysis in
          Illinois
• 1917   AT&T employee Gilbert Vernam
         invents a polyalphabetic cipher
• 1919   Germans develop the Enigma machine
         for encryption

History
• 1937   Japanese design the Purple
         machine for encryption
• 1942   Navajo windtalkers help with secure
         communication during World War II
• 1948   Claude Shannon develops statistical
         methods for encryption/decryption
• 1976   IBM develops DES
• 1976   Diffie – Hellman develop public key /
         private key cryptography
• 1977   Rivest – Shamir – Adleman develop the
         RSA algorithm for public key / private key
Basic Terminologies
• Cryptography deals with creating documents that can be
  shared secretly over public communication channels
• Cryptographic documents are decrypted with the key
  associated with encryption, with the knowledge of the
  encryptor
• The word cryptography comes from the Greek words:
  Krypto (secret) and graphein (write)
• Cryptanalysis deals with finding the encryption key
  without the knowledge of the encryptor
• Cryptology deals with cryptography and cryptanalysis
• Cryptosystems are computer systems used to encrypt data
  for secure transmission and storage


Basic Terminologies
• Keys are rules used in algorithms to convert
  a document into a secret document
• Keys are of two types:
  – Symmetric
  – Asymmetric
• A key is symmetric if the same key is used
  both for encryption and decryption
• A key is asymmetric if different keys are
  used for encryption and decryption

Basic Terminologies
• Examples:
  – Symmetric key methods
    •   DES 56-bit
    •   Triple DES 128-bit
    •   AES 128-bit and higher
    •   Blowfish 128-bit and higher
  – Asymmetric key methods
    • RSA (Rivest-Shamir-Adleman of MIT)
    • PGP (Phil Zimmermann of MIT)

Basic Terminologies
• Plaintext is text that is in readable form
• Ciphertext results from plaintext by applying the
  encryption key
• Notations:
   – M message, C ciphertext, E encryption, D decryption, k key
   – E(M) = C
   – E(M, k) = C
• Fact: D(C) = M, D(C, k) = M

Basic Terminologies
• Steganography is the method of hiding
  secret messages in an ordinary document
• Steganography does not use encryption
• Steganography does not increase file size
  for hidden messages
• Example: select the bit patterns in pixel
  colors to hide the message

Basic Terminologies
• Hash functions generate a digest of the message
• Substitution cipher involves replacing a letter with
  another character of the same alphabet set
• Mono-alphabetic system uses a single alphabetic set for
  substitutions
• Poly-alphabetic system uses multiple alphabetic sets for
  substitutions
• Caesar cipher is a mono-alphabetic system in which each
  character is replaced by the third character in succession.
  Julius Caesar used this method of encryption.


Basic Terminologies
• Vigenere cipher is an example of a poly-alphabetic
  cipher
• Vigenere cipher uses a 26 x 26 table of characters
• Vigenere method uses a keyword. The keyword is
  repeated to fill the length of the plaintext. Each
  ciphertext character corresponds to the cell at the
  intersection of plaintext row and keyword column
• Vigenere method does not use repeated characters
  unlike Caesar cipher

Basic Terminologies
• Example of Vigenere cipher:
  ABCDEFGHIJ …
  BCDEFGHIJK …
  CDEFGHIJKL …
  DEFGHIJKLM …
  EFGHIJKLMN …

Plaintext:     BEAD
Keyword:       CABC
Ciphertext:    DABF

Basic Terminologies
• Hash algorithms take an arbitrary length message
  and create a fixed length digest known as Message
  Digest
• Well-known hash algorithms are MD-4 and MD-5
• Ron Rivest created the MD-x hash algorithms for
  NIST
• Block ciphers use blocks of text instead of single
  characters
• Electronic code book (ECB) uses plaintext blocks

Basic Terminologies
• ECB raises the possibility that identical
  blocks could generate identical ciphertext
• Cipher block chaining (CBC) uses a
  feedback loop
• In CBC, each plaintext block is XORed
  with the previous ciphertext block
• CBC eliminates identical blocks generating
  identical ciphertext

PKI
• Public Key Infrastructure (PKI) is a government
  initiative to protect computer systems
• Developed in the 1970s but has not been widely
  accepted. However, parts of the system are in
  extensive use today. These are Digital Certificates
  and Digital Signatures.
• Digital Certificates are given by trusted third
  parties, known as Certificate Authorities (CAs).
  Verisign (an offshoot of RSA) is a CA. Any
  organization can be a CA as long as there are people
  willing to believe their assessment of authenticity.

Digital Certificates
• Issued by trusted third parties known as Certificate
  Authorities (CAs)
• Verisign is a trusted third party
• Used to authenticate an individual or an
  organization
• Digital Certificates are usually given for a period
  of one year
• They can be revoked
• They are issued at various security levels. The higher
  the security level, the more thoroughly the CA verifies
  the authenticity of the certificate seeker.
Digital Certificates
• Digital Certificates can be issued by anyone
  as long as there are people willing to
  believe them
• Major CAs are:
  –   Verisign
  –   GeoTrust
  –   BeTrusted
  –   Thawte

Digital Certificates
• Digital Certificates are part of the authentication
  mechanism. The other part is Digital Signature.
• When a user uses the digital signature, the user
  starts with their private key and encrypts the
  message and sends it. The receiver uses the
  sender’s public key and decrypts the message
• In traditional encryption, the sender uses the
  public key of the receiver and encrypts the
  message and sends it and the receiver decrypts the
  message with their private key
Digital Certificates
• Additional authentication means used by
  CAs are:
  –   Security token
  –   Passive token
  –   Active token
  –   One time password



Digital Certificates
• Security token is usually a hardware device such
  as a Smart Card
• If the security token is a software token, it is
  usually associated with a particular workstation
• Security tokens use two-factor authentication
  using a password and a device (or an appropriate
  hardware identifier)



Digital Certificates
• Passive token is a storage device that holds
  multiple keys. The appropriate key is transmitted
  through the transmission device in use.
• Inexpensive to manufacture
• Sometimes an extra PIN is required to use the
  passive token
• Examples:
   – Garage door opener
   – ATM card


Digital Certificates
• An Active token does not transmit any data,
  unlike a passive token
• Active tokens create another form of the
  base key (such as one-time password) or an
  encrypted form of the base key
• Smart cards are commonly used for active
  tokens

Digital Certificates
• A one-time password is valid for a limited duration
  and for a single use
• Generated using a counter-based token or a
  clock-based token
• Counter-based token is an active token that
  generates a one-time password based on a counter
  in the server and the secret key of the user
• Clock-based token is an active token that
  generates one-time passwords based on the server
  clock
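
A sketch of both token types, added here and not taken from the original slides: it assumes the standard HOTP (RFC 4226) and TOTP (RFC 6238) constructions, which the slides do not name, and a constructed shared secret. The server-side verifier classes are hypothetical names; they show the look-ahead window, clock-drift tolerance and replay rejection that make each password single-use.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based one-time password (RFC 4226, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """Clock-based one-time password (RFC 6238): HOTP over the time step."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // step), digits)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak matching digits.
    return hmac.compare_digest(a.encode(), b.encode())


class CounterVerifier:
    """Server side of a counter-based token (hypothetical helper)."""

    def __init__(self, secret: bytes, counter: int = 0, look_ahead: int = 3):
        self.secret, self.counter, self.look_ahead = secret, counter, look_ahead

    def verify(self, code: str) -> bool:
        # Accept a small window ahead in case the token was pressed unused,
        # then move past the matched counter so the code cannot be replayed.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if _same(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


class ClockVerifier:
    """Server side of a clock-based token (hypothetical helper)."""

    def __init__(self, secret: bytes, step: int = 30, drift: int = 1):
        self.secret, self.step, self.drift = secret, step, drift
        self.last_step = -1                      # last time step accepted

    def verify(self, code: str, now=None) -> bool:
        now = time.time() if now is None else now
        current = int(now // self.step)
        # Tolerate +/- drift steps of clock skew; never accept a step twice.
        for s in range(current - self.drift, current + self.drift + 1):
            if s > self.last_step and _same(hotp(self.secret, s), code):
                self.last_step = s
                return True
        return False


# Shared secret from the RFC 4226 test vectors, used here as sample data.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    server = CounterVerifier(SECRET)
    first = hotp(SECRET, 0)
    print(first, server.verify(first), server.verify(first))  # second is a replay
```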
PGP
• Developed by Phil Zimmermann at MIT
• Provides 256-bit encryption key
• Widely used for encrypting files such as
  email
• Message is first compressed
• A session key is created
• The compressed message is encrypted using
  the session key
PGP
• Session key alone is encrypted using the
  recipient’s public key
• The encrypted message and the encrypted
  session key are then sent to the receiver
• Receiver uses the private key to decrypt the
  session key first. Then the message is
  decrypted in a symmetric key way.
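
The steps above, from compression to session-key decryption, as an added example that is not PGP's own code. A SHA-256 keystream stands in for the symmetric cipher and unpadded RSA over two known Mersenne primes stands in for the recipient's key pair; both are assumptions chosen so the block runs with the standard library only, and neither is suitable for real use.

```python
import hashlib
import secrets
import zlib

# Toy recipient key pair (assumption of this example): textbook RSA over
# the Mersenne primes 2**89 - 1 and 2**127 - 1. Far too small and unpadded
# for real use; it only makes the public/private roles concrete.
_P, _Q = 2**89 - 1, 2**127 - 1
N = _P * _Q
E = 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))
PUBLIC_KEY = (N, E)      # given to senders
PRIVATE_KEY = (N, D)     # kept by the receiver

SESSION_KEY_BYTES = 16   # 128-bit session key, smaller than N


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def pgp_style_encrypt(message: bytes, public_key: tuple) -> tuple:
    """Sender side: returns (encrypted session key, encrypted message)."""
    n, e = public_key
    compressed = zlib.compress(message)                    # compress first
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)   # fresh per message
    body = keystream_xor(session_key, compressed)          # symmetric step
    # Only the short session key goes through the public-key operation.
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, body


def pgp_style_decrypt(packet: tuple, private_key: tuple) -> bytes:
    """Receiver side: recover the session key, then the message."""
    n, d = private_key
    wrapped_key, body = packet
    session_key = pow(wrapped_key, d, n).to_bytes(SESSION_KEY_BYTES, "big")
    return zlib.decompress(keystream_xor(session_key, body))


if __name__ == "__main__":
    # Constructed sample message.
    msg = b"Quarterly report draft, do not forward. " * 10
    packet = pgp_style_encrypt(msg, PUBLIC_KEY)
    print(len(msg), "bytes in,", len(packet[1]), "bytes of ciphertext")
    print(pgp_style_decrypt(packet, PRIVATE_KEY) == msg)
```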

PGP
• PGP supports the following encryption methods:
   – CAST (named after the developers Carlisle Adams and
     Stafford Tavares) is owned by Nortel. It uses a 128-bit
     key. Freeware.
   – IDEA (International Data Encryption Algorithm). Not
     freeware. Uses a 128-bit key.
   – Triple DES. Freeware. Uses three 56-bit keys.
   – Twofish. Uses 128-bit, 192-bit, and 256-bit keys. Freeware.



S/MIME
• Secure/Multipurpose Internet Mail Extension’s
  goal is to provide integrity for email
• S/MIME is in version 3 and it is an IETF standard
• S/MIME follows a hierarchical trust scheme in
  which a trusted party passes on the trust to the
  next level below. For example, a trusted CA’s
  Digital Certificate can be used for authentication
• S/MIME certificates follow the X.509 standard

S/MIME
PGP                                             S/MIME
Self-certificate                                X.509
Hierarchical trust                              Web of trust
Integrated in Microsoft and Netscape products   Free for download
Fee for certificate                             Free certificate
Uses 3DES encryption                            Uses 3DES encryption
Uses SHA-1 for hash                             Uses SHA-1 for hash
Easy to use                                     Easy to use
References
• PGP http://www.pgpi.org
• “RSA Security’s Official Guide to
  Cryptography” by S. Burnett and S. Paine,
  Osborne/McGraw-Hill, 2001



