Explore the principles of cryptographic techniques and how they enhance computer security. Learn how businesses utilize cryptography, the vulnerabilities of computer security, and the importance of secure information transmission over the internet. Discover the Caesar Cipher, one-time pad encryption, Enigma machine, Data Encryption Standard (DES), and RSA. Delve into the role of SSL in securing online transactions and digital signatures for authentication and non-repudiation.
M150: Data, Computing and Information
Outline
• Unit fourteen.
• What’s next.
• Review questions.
• Your questions.
Unit fourteen : Hiding data
• Computers and security.
• Cryptography.
• Security in industry.
• The limits of security.
• The single user and security.
Aims
• Explain the principles of cryptographic techniques ("what did the Romans ever do for us?")
• Show how cryptography can aid the security of computer applications
• Show how cryptography can be used by businesses
• Explain the limitations of computer security and how it may be compromised
• Show why information passing over the internet must be secured
• Show why security should concern us as individuals
Some types of attack
• False authority syndrome
• List linking
• Roll your own credit cards
• Web attack
• Money transfer
• Internet worm
Cryptography: The study of secret codes
Plain text: The original, understandable text
Cipher text: The text formed by applying some cryptographic method
Encryption: The process of transforming text so that it cannot be understood by anyone who does not have the key
Decryption: The process of returning an encrypted document to its original form by application of a key
Caesar Cipher
• Replacing each letter with one further along the alphabet
• What is the shift in the encrypted message below?
How many bits? (Tricky question)
Imagine a Caesar cipher is to be used that works for upper and lower case letters and the following special characters: space, comma, question mark, full stop. The key (i.e. the shift) is to be represented as a binary number stored in a computer file. What is the minimum number of bits needed for the key to represent all the possible values the key could take?
One-time pad
• Two identical copies of a "pad" are made. Each page contains a key consisting of random letters
• The sender uses the top page of their pad to encrypt the message, producing the ciphertext
• The receiver uses the top page of their pad to decrypt the message
• Both destroy the top page of the pad
Enigma machine
• Used during World War II to encrypt and decrypt secret military messages
• Did Enigma produce a monosubstitution or a polyalphabetic cipher?
• Did Enigma use symmetric or asymmetric key cryptography?
[Diagram from www.pbs.org/wgbh/nova/decoding/enigmadiagram.html]
See http://en.wikipedia.org/wiki/Enigma_machine for a good detailed explanation of how the Enigma machine worked.
Data Encryption Standard (DES)
• Developed for the US Government and considered impregnable at the time
• Increases in computer power meant that it can be cracked by brute force
• DES uses a symmetric key with permutation, swapping and function application
Worked illustration of the three kinds of step (the intermediate strings show the order in which they are applied):
Hello_Mum
  Permutation in groups of 3 letters: leH_olmuM
  Swap first two and last two letters: uMH_olmle
  Caesar cipher shift 2: wOJ_qnong
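The slide's Hello_Mum illustration can be reproduced step by step. The following is an added example, not part of the original slides: the function names are made up for it, and it implements only the slide's three toy steps, not real DES. It reads the permutation as reversing each group of three letters, which is what the slide's intermediate strings show.

```python
import string

def permute(text: str, group: int = 3) -> str:
    """Reverse each group of `group` letters: 'Hel' -> 'leH'. Self-inverse."""
    return "".join(text[i:i + group][::-1] for i in range(0, len(text), group))

def swap_ends(text: str, n: int = 2) -> str:
    """Swap the first n letters with the last n letters. Self-inverse."""
    if len(text) < 2 * n:          # too short to swap without overlap
        return text
    return text[-n:] + text[n:-n] + text[:n]

def caesar(text: str, shift: int) -> str:
    """Shift letters along the alphabet, keeping case; '_' etc. pass through."""
    out = []
    for ch in text:
        for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
            if ch in alphabet:
                ch = alphabet[(alphabet.index(ch) + shift) % 26]
                break
        out.append(ch)
    return "".join(out)

def encrypt(plain: str, shift: int = 2) -> list:
    """Return every intermediate string so the stages can be compared with the slide."""
    stage1 = permute(plain)
    stage2 = swap_ends(stage1)
    return [plain, stage1, stage2, caesar(stage2, shift)]

def decrypt(cipher: str, shift: int = 2) -> str:
    """Symmetric key: the same shift undoes the steps in reverse order."""
    return permute(swap_ends(caesar(cipher, -shift)))

if __name__ == "__main__":
    print(" -> ".join(encrypt("Hello_Mum")))
    print(decrypt("wOJ_qnong"))
```

Only the shift acts as a key here, so an attacker who knows the method needs at most 26 guesses; this is brute force on a very small scale.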
Asymmetric Keys
[Diagram from http://www.int.gu.edu.au/courses/2010int/crypto.html]
RSA (Rivest, Shamir and Adleman)
• An asymmetric key method using a public key for encryption and a private key for decryption and vice versa.
• This asymmetry means that the public key can be distributed by insecure means - or even made public.
• There are many public keys, one to match each private key.
• RSA is a more complex computation than DES and is much slower.
Security in Industry
• The Internet is an open network and you can't control which computers will carry your messages.
• Your message could be intercepted at any intermediate node.
• Security is essential for some commercial transactions - for example processing credit card numbers.
• Secure Sockets Layer (SSL) provides a mechanism to do this.
Secure Sockets Layer
• SSL uses symmetric and asymmetric keys
• The bulk of the data is encrypted with a symmetric key for speed
• A new key for symmetric encryption is created for each transaction
• This key is itself encrypted and sent across the net for the receiving computer to use
• The key is encrypted using an asymmetric technique for security
• SSL is more efficient than RSA alone
Secure Socket Layer
[Diagram: A and B exchange information about encryption and decryption methods. A generates a symmetric key, encrypts it with B's public key and sends it to B. B decrypts it with B's private key. The data is then encrypted and decrypted with the symmetric key.]
How do I know a website is using SSL?
[Screenshots labelled: Insecure, Secure, Secure, Secure]
Digital Signature
• A technology used to check whether data has been tampered with
• It has two properties:
  • Authentication
  • Non-repudiation
• It uses a message digest or hash function
Digital Certificates
• What's to stop a criminal putting up a spoof website containing a public key that they say belongs to a major bank?
• You use the key to send messages to your bank.
• Criminal intercepts and reads the messages.
• A digital certificate provides basic authentication facilities on the internet
• Must be issued by a certifying authority
• The certifying authority holds a database of the details of the certificates
The Certifying Authority
The certifying authority database holds:
• Name of the authority that issued the certificate
• Name of the user associated with the certificate
• Public key of the user and description of the user's asymmetric cryptography method
• The digital signature of the certifying authority (contents of the certificate encrypted with the private key of the certifying authority)
Web Security
• The web uses a mixture of techniques
• A firewall is a barrier which restricts the exchange of information between your PC and the net
• A screening router determines which packets of data should be allowed to pass in each direction
• A bastion host holds temporary copies of the web pages that you request
• A Secure Socket Layer (SSL)
• Secure Electronic Transaction (SET)
Limits of Security
• All users must be on their guard against attempts to breach security.
• The best security is no good if the password is written on a piece of paper under the user's keyboard or it's the name of the dog or child!
• Many systems offer strong security from a technical standpoint but are compromised by poor working practices.
"Security is a chain; it's only as secure as the weakest link" (Bruce Schneier)
Hazards for the Single User
• Anyone connected to the internet is at risk
• While you're online and part of the web, intruders can potentially:
  • read the contents of your address book
  • send messages from your email address
  • store files on your hard drive
• The effects can range from mild irritation to catastrophic damage.
• How would your life be affected if everyone in your address book received a set of offensive pictures from you by email?
Some precautions
• Don't publish your email address on the web
• Use a number of email addresses
  • Keep one email address for personal use with people you trust
  • Have a separate email that you use when signing up for mailing lists etc.
• Consider using a proxy server or anonymiser
• Beware of executing unknown programs
• Only give credit card details to secure sites
• Keep a record of all transactions
• Don't send credit card details by email
• Install anti-virus software and keep it up-to-date
• Run a firewall on your PC
What’s next
• Unit 15.
Review questions
• Define the term cryptography.
• Define the term Internet worm.
• What is the difference between plain text and cipher text?
• Define Caesar cipher.
• What is an Enigma machine?
• What is the Data Encryption Standard (DES)?
• What do we mean by the term “brute force”?
• Define symmetric and asymmetric key.
• Define the RSA technique.
• What does SSL stand for?
• Define digital signature.
• Define authentication.
• What is a digital certificate?
• Define firewall.