1 / 51

MODELLING PERSISTENT DATA: CS27020

MODELLING PERSISTENT DATA: CS27020. Types of Cryptography (Algorithm) Nitin Naik. Types of Cryptography. Classical Cryptography Symmetric/Secret/Single Key Cryptography (SKC) Asymmetric/Public/Double Key Cryptography (AKC/PKC)

cruz
Download Presentation

MODELLING PERSISTENT DATA: CS27020

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MODELLING PERSISTENT DATA: CS27020 Types of Cryptography (Algorithm) Nitin Naik

  2. Types of Cryptography • Classical Cryptography • Symmetric/Secret/Single Key Cryptography (SKC) • Asymmetric/Public/Double Key Cryptography (AKC/PKC) • One-Way Cryptography (Hash Functions)

  3. Classical Cryptography • These are the oldest techniques of encryption. • It uses Substitution technique (symbol replaces by another symbol). • It uses Transposition technique (rearranging the letter order ). • It uses Product technique (combination of Substitution and Transposition). • Application/Usage: Vital tool for secure communication in old kingdoms.

  4. Substitution Technique • One or more letters of plaintext are replaced with one or more different letters or numbers. • Here each letter of the message is substituted or replaced but one at a time. • If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

  5. Caesar Cipher (Substitution) Example

  6. Transposition Technique • The substitution cipher always replaces a plaintext symbol to obtain a ciphertext symbol. • A transposition cipher does not change the characters in the plaintext when it generates the ciphertext. • It just re-arranges them like Anagram(type of word play). • It hides the message by rearranging the letter order. • It applies some kind of permutation function to the text to produce a re-arrangement, which can be reversed if you know the secret to the permutation.

  7. Rail Fence (Transposition) Example

  8. Classical Cryptography..

  9. Designing Modern Ciphers • Classical Encryption methods are used mainly for encryption of characters. • Although their idea could be implemented on Bits. • Modern conventional encryption algorithms are used for this bit-level encryption/decryption. • In which any kind of data such as text, graphics, audio, or video is divided into sequence or block of bits.

  10. Methods Employed in Modern Ciphers • XOR Method • Rotation/ Shift Method • Encoding and Decoding Method • P-Box (Permutation-Box) Method • S-Box (Substitution-Box) Method • Shannon’s Theory of Confusion and Diffusion • Round or Product Method

  11. XOR Method

  12. Rotation/ Shift Method

  13. Rotation/ Shift Method

  14. Encoding and Decoding Method

  15. P-Box (Permutation-Box) Method

  16. Types of P-Box

  17. S-Box (Substitution-Box) Method

  18. Shannon’s Theory of Confusion and Diffusion • Modern Block Ciphers depends on the two properties- Confusion and Diffusion. • Confusion: hide/make complex the relationship between the Ciphertext and the Key. • Confusion is achieved by substitution operation done by S-Box. • Diffusion: hide/make complex the relationship between the Ciphertext and the Plaintext. • Diffusion is achieved by permutation/ transposition operation done by P-Box. • The easiest and simplest way to achieve both Confusion and Diffusion is a Substitution-Permutation (SP) Network.

  19. Round/ Product Method • Only SP-box alone does not have much cryptographic strength. • Many alternating S-Boxes and P-Boxes are integrated in such a manner that they encrypt the data many times (in many Rounds/Iterations) before producing the final ciphertext. • This processing is based on some encryption function called the Round Function. • Every round uses a Round Subkey, which is derived from the EncryptionKey. • The way the Round Subkeys are derived from Key is called the Key Schedule.

  20. Types of Product/Round/Iterated Ciphers • Non-Feistel Cipher or SP-Network (Substitution-Permutation Network (SPN)) • Feistel Cipher or Feistel Network/Structure (SPF)

  21. Non-Feistel Cipher or SP-Network

  22. Feistel Cipher or Feistel Network

  23. Symmetric/Secret/Single Key Cryptography (SKC) • It uses both a key and an algorithm. • Key: a variable that is combined in some way with the unencrypted text. • Algorithm: a formula for combining the key with the text. • It uses a single key for both encryption and decryption. • Encryption key must be shared between the two parties before cryptography. • Symmetric ciphers are significantly faster than asymmetric ciphers, but the requirements for key exchange make them difficult to use.

  24. SKC.. • Application/Usage: It is used for encrypting large amounts of data speedily.

  25. Types of SKC • Stream or Bit-Wise ciphers encrypt the plaintext one byte or one bit at a time. • Block ciphers encrypt plaintext into ciphertext by breaking it down into Blocks (group of many Bytes) rather than into Bits Stream in Streamcipher. • It encrypts plaintext in each Block and the same user given key is used for each Block. • A Block is a pre-determined or fixed sized group of Bits/Bytes (commonly of 64, 128, 196 and 256 bits).

  26. Types of SKC.. • The most used block ciphers are DES, Triple DES and AES. • The most important criterion for selecting any block cipher algorithm is its key size. • As the key size is increased the security will be increased. • Most of the standard algorithms are using 64, 128, 192, or 256-bit keys.

  27. SKC:DES (Data Encryption Standard) and Triple (TDES) • DES was the first standard encryption algorithm adopted in response to a public request from the NIST /NBS(National Bureau of Standards) for all kind of secure data processing activities in computer and communication. • It was developed in 1970s by IBM and in 1977, considered as standard encryption algorithm for unclassified data. • The long journey of DES as official NIST algorithm ended in 1997.

  28. DES and TDES..

  29. SKC: AES (Advanced Encryption Standard) or Rijndael Cipher • The Rijndael algorithm (later on AES) was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. • AES is a symmetric key encryption algorithm which replaced the commonly used Data Encryption Standard (DES). • DES replacement was the result of a worldwide call for submissions of encryption algorithms issued by the US Government's National Institute of Standards and Technology (NIST) in 1997 and completed in 2000.

  30. SKC: AES.. • Among the AES finalists (MARS, RC6, Twofish, Serpent, Rijndael), Rijndael algorithm as AES was selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197).

  31. Asymmetric/Public/Double Key Cryptography (AKC/PKC) • In asymmetric key cryptography, two different keys are required one for encryption and one for decryption. • Here each person (sender and receiver) has two keys. One key, the public key, is shared publicly. • The second key, the private key, should never be shared with anyone. • When you send a message using asymmetric cryptography, you encrypt the message using the recipient’s public key.

  32. AKC/PKC.. • The recipient then decrypts the message using his private key. That is why the system is called asymmetric. • Because asymmetric ciphers tend to be significantly more computationally intensive, they are usually used in combination with symmetric ciphers to implement public key cryptography effectively . • The asymmetric cipher is used to encrypt a session key and the encrypted session key is then used to encrypt the actual message. • This gives the key-exchange benefits of asymmetric ciphers with the speed of symmetric ciphers.

  33. AKC/PKC.. • Commonly used asymmetric key cryptography algorithms are RSA, DSA, PGP, Diffie-Hellman etc. • Application/Usage: It is mainly used for key exchanges and digital signatures.

  34. AKC/PKC: Diffie-Hellman Key Exchange Algorithm • A cryptographic key exchange method developed by Whitfield Diffie and Martin Hellman and published in his paper- New Directions in Cryptography in 1976. • This algorithm enables parties at both ends to derive or calculate a shared, secret/private key without ever sending it to each other. • While this was a fundamental breakthrough in conceptual terms, it did not offer a ‘real world’ solution to the problem of key exchange.

  35. AKC/PKC: Simple Mathematics of Diffie-Hellman • Both party who are involved in communication choose a common number called g, both sides use a different private random numbers (a and b) as a power to raise the common number. • The results are then sent to each other. Both parties raise the received number to the same random power they used before. • The results are the same number (private key) on both sides, which was never transmitted intact.

  36. AKC/PKC: Simple Mathematics of Diffie-Hellman

  37. RSA (Rivest, Shamir & Adleman) Algorithm • Select two large random prime numbers p and q • Calculate common number n which will be used as a system modulus: n = pq • Calculate Totient Function (relative prime number): φ(n) = (p-1)(q-1) • Select Public/ Encryption Key e (random number) that satisfies the following conditions: 1 < e < φ(n) AND hcf/gcd (e, φ(n) ) = 1 • Calculate Private/ Decryption Key d using the following equation: ed = 1 mod φ(n) • Sender encrypts message (M): C = Me mod n , 0≤M≤n • Receiver decrypts ciphertext (C): M = Cd mod n

  38. RSA (Rivest, Shamir & Adleman) Algorithm.. • Select two large random prime numbers p=17 and q=11 • Calculate common number n which will be used as a system modulus: n = 17*11 = 187 • Calculate Totient Function (relative prime number): φ(n) = (p-1)(q-1) = (17-1)(11-1) = 16 * 10 = 160 • Select Public/ Encryption Key e (random number) that satisfies the following conditions: 1 < e < φ(n) AND hcf/gcd (e, φ(n) ) = 1 . Here e=7 that satisfies 1 < 7 < φ(n) AND hcf/gcd (7, 160) = 1 • Calculate Private/ Decryption Key d using the following equation: ed = 1 mod φ(n) ⇒ 7*d = 1 mod 160 ⇒ 7*d = 160 ⇒ d = 160 / 7 = 22.857 = 23

  39. RSA (Rivest, Shamir & Adleman) Algorithm.. • Sender encrypts message (M): C = Me mod n , 0≤M≤n. Here M = 88 ⇒ C = 887 mod 187 = 40867559636992 mod 187 = 11 • Receiver decrypts ciphertext (C): M = Cd mod n. Here C = 11 ⇒ M = 1123 mod 187 = 895430243255237372246531 mod 187 = 88

  40. Difference between Symmetric and Asymmetric Key Encryption

  41. One-Way Cryptography (Hash Functions) • It uses a mathematical transformation to irreversibly encrypt information. • A hash function takes binary data, called the message, and produces a condensed representation, called the MD (Message Digest)/Hash. • The output of any one hash function is always of the same length, regardless of the length of the input string.

  42. One-Way Cryptography (Hash Functions).. • A cryptographic hash function is a hash function that is designed to achieve certain security properties. • Their purpose is to detect very slight changes to data, or to determine whether or not two pieces of data are identical. • Commonly used hash functions include MD4, MD5, SHA-1, SHA-256, and SHA-512.

  43. One-Way Cryptography (Hash Functions).. • Application/Usage: Hash function is widely accepted and used in the cryptography because of its smaller size and one-way encryption features: • Data Integrity and Authentication • Digital Signatures (Public Key Algorithm) • Message Authentication Codes (with Secret Key) • Pseudo-Random Number Generation (PRNG) • Key Generation and Update • Code Recognition • One-Way Function • Password Protection

  44. Message Authentication • Till now we have studied about the encryption algorithms for securing our information only but not to check the authenticity of source and the contents of message. • To verify these two things is the additional facility to encryption which makes the complete secure operation and called message authentication. • Message Authenticationis an authenticity verification procedure that facilitates the verification of the integrity of the message as well as the authenticity of the source from which the message is received.

  45. Message Authentication • Two most popular techniques for message authentication are - MAC (Message Authentication Code) and Digital Signature. • MAC approach is based on symmetric key encryption and Digital Signature is based on asymmetric key encryption.

  46. MAC vs. Digital Signature • MAC is computed (at sender) and verified (at receiver) with the same Private Key, so that they canonly be verified by the intended recipient. • Whereas Digital Signature is computed (at sender) with the Private Key and verified (at receiver) with the Public Key, so that they canbe verified by the any recipient who has this Public Key.

  47. MAC vs. Digital Signature.. • MACs do not provide the property of non-repudiation offered by signatures: any user who can verify a MAC is also capable of generating MACs for other messages. • In contrast, a Digital Signature is generated using the private key of a key pair, which is asymmetric encryption. • Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.

  48. Digital Certificate • In public key authentication system the problem is that the Digital Signature is ok for authentication but not suitable to prove the identity of a person and it is difficult to identify the public key owner because public key is known to everybody. • Thus we need a system to verify the owner of key-pair (private and public keys) so the digital signature could be successfully utilized and for this a new mechanism is developed, called Digital Certificate. • Digital Certificate is provided by the trusted third party and which includes the details of public key and their owner so everybody can believe on it.

  49. Digital Certificate.. • A Digital Certificate is an electronic identity card or electronic credit card issued to a person, system, or an organization by a competent authority after verifying the credentials of the entity. • Mainly a digital certificate is a public key that is unique for each entity. • A digital certificate establishes a link between a person and a public key. • They are issued by a trusted third party known as a Certification Authority (CA) who verifies a person’s identity.

  50. References • Naik, N. (2010),Network Security and Cryptographic Algorithms, Kamal Publications, India.

More Related