150 likes | 290 Views
Modular Arithmetic with Applications to Cryptography. IST 230: Lesson 13 . Group 6. Cryptography. For the longest time, cryptography used only one key Private Key Shared by both the sender and receiver Known as symmetric – parties are both equal.
E N D
Modular Arithmetic with Applications to Cryptography IST 230: Lesson 13 Group 6
Cryptography • For the longest time, cryptography used only one key • Private Key • Shared by both the sender and receiver • Known as symmetric – parties are both equal • Then came along the use of the public and private key • Two parties involved have public and private keys • Asymmetric – parties are not equal • It’s an addition to the private key
Private Key • Example of Private Key • Used heavily by small parties • To provide information back and forth privately • Encryption key is kept private, as well as decryption key • No key made available to the public • Encryption key and decryption key are identical • Both parties responsible for keeping the key secure and private [Key “A“] + Text -------------> Encrypted Text -----------> Encrypted Text + [Key “A“] = Text
Public Key • Example of Public Key • Purchasing merchandise online • Buyer enters credit card numbers and private information • When sent to the recipient, it is encrypted before sent • Every buyers information is encrypted using the same key • Only ONE key to decrypt, which is kept very private by the receiver • Public key cryptology involves 2 separate keys • One made available to the public for encrypting • One made ONLY available to the recipient for decrypting • Very common in today’s business world • Very Secure form of cryptology [Public Key “A“] + Text ---------> Encrypted Text -------> Encrypted Text + [Key “B“] = Text
Digital Signatures in Public/Private Key Encryption for Authentication • Authentication is defined as two things: • Proof of validity • User identification • Public/Private Key Encryption: • Utilizes digital signatures for authentication • A digital signature is an unforgeable piece of data • Non-Repudiation • The author can not deny authoring the message Sender (John): Create Signature Hash Function Creates Digest Digest is Encrypted Encrypted Digest is the Digital Signature (VeriSign) Receiver (Mary): When the signature is decrypted it shows that the message wasn’t altered which shows that it came from John. http://www.infosec.gov.hk/english/itpro/images/digital_signature.gif
How Digital Signatures also Provide Data Integrity • Digital signatures also serve as a means of providing a layer of integrity: • Should a message’s contents get altered the signature would be invalidated • This would alert the user there’s a problem. • Encryption of the signature digest is a form of encryption. • There are many types of asymmetrical key algorithms: • RSA • ECC • El Gamal • LUC • Encrypted messages can provide: • Confidentiality • Authentication • Non-repudiation • Integrity http://adventuresinsecurity.com/images/Signature_Process.jpg
Public/Private Key Encryption A type of cypher architecture that uses two keys to encrypt and decrypt data
Role of Certificate Authorities in Public Key Encryption A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption.
Certificate Authorities (Cont.) A digital ID, or digital certificate, is a form of electronic credentials for the Internet. A digital certificate is issued by a trusted third party to establish the identity of the ID holder. The third party who issues certificates is known as a Certification Authority (CA).
Public Key Infrastructure (PKI) A PKI (public key infrastructure) enables users of a basically unsecure public network, such as the Internet, to securely and privately exchange data and information.
Public Key Infrastructure (PKI) • A Public Key Infrastructureconsists of: • A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key. • A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor. • One or more directories where the certificates (with their public keys) are held. • A certificate management system
Public Key Infrastructure in Network Security • An enterprise PKI uses digital certificates to protect information assets via the following ways: • Authentication—Validates the identity of machines and users • Encryption—Encodes data to ensure that information cannot be viewed by unauthorized users or machines • Digital signing—Provides the electronic equivalent of a hand-written signature; also enables enterprises to verify the integrity of data and determine whether it has been tampered with in transit • Access control—Determines which information a user or application can access and which operations it can perform once it gains access to another application; also called authorization • Non-repudiation—Ensures that communications, data exchanges, and transactions are legally valid and irrevocable
Network Security (Cont.) • PKI protects applications that demand the highest level of security: • Online banking and trading • Web services-based business process automation • Digital form signing • Enterprise instant messaging • Electronic commerce
Citations "8 The Public Key Infrastructure Approach to Security." Oracle. Web. 04 Dec. 2010. <http://mail.duel.ru/docs/oracle10r2/network.101/b10777/pki.htm>. Brayton, Jim. "What Is PKI? - Definition from Whatis.com - See Also: Public Key Infrastructure." Information Security: Covering Today's Security Topics. Search Security, 10 Oct. 2006. Web. 04 Dec. 2010. <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214299,00.html>. "Digital Certificate." SSL Certificate From Comodo™ with Free SSL Certificates and Server Certificates Digital Certificate Authority. Instant SSL. Web. 04 Dec. 2010. <http://www.instantssl.com/code-signing/code-signing-technical.html>. Kayne, R. "What Is Public Key Encryption?" WiseGEEK: Clear Answers for Common Questions. WiseGEEK. Web. 04 Dec. 2010. <http://www.wisegeek.com/what-is-public-key-encryption.htm>. Managed Public Key Infrastructure: Securing Your Business Applications. VeriSign. PDF. "What Is Certificate Authority? - Definition from Whatis.com - See Also: CA." Information Security: Covering Today's Security Topics. Search Security, 4 June 2007. Web. 04 Dec. 2010. <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213831,00.html>. "Introduction to Digital Certificates." VeriSign 2010: n. pag. Web. 29 Nov 2010. <http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml>. Harris, Shon. CISSP Exam Guide. 5th ed. USA: McGraw-Hill, 2010. 665-773. Print. "Digital Signature." 2010. Web. <http://en.wikipedia.org/wiki/Digital_signature>.