1 / 15

Module 3 – Cryptography

Module 3 – Cryptography. Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures. Cryptography Basics. Original Plaintext. Plaintext. Ciphertext. Definitions (Encryption, Decryption, Plaintext, Ciphertext) Symmetric Key Algorithms

karli
Download Presentation

Module 3 – Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 3 – Cryptography • Cryptography basics • Ciphers • Symmetric Key Algorithms • Public Key Algorithms • Message Digests • Digital Signatures

  2. Cryptography Basics Original Plaintext Plaintext Ciphertext • Definitions (Encryption, Decryption, Plaintext, Ciphertext) • Symmetric Key Algorithms • Public Key Cryptography Encryption Decryption Key Key Original Plaintext Plaintext Ciphertext Encryption Decryption Encryption Key Decryption Key Original Plaintext Plaintext Ciphertext Encryption Decryption

  3. Types of cipher • Stream cipher • Each bit (or byte) is encrypted or decrypted individually • Simple substitution ciphers (ROT13, XOR) • Example - ROT13 • abcdefghijklmnopqrstuvwxyz • nopqrstuvwxyzabcdefghijklm • Block cipher • A sequence of bits (or bytes) is used at each step in the encryption and decryption process (DES) rot is insecure ebg vf vafrpher

  4. Symmetric Algorithms • Substitution (ROT13, Cryptoquotes) • Transposition • XOR • One Time Pad • DES • IDEA • RC2, RC4, RC5 Nsail otlnd t g sot. terh hcie eut rhw memo o r Not the mo st secure algorithm in the wor ld. Not the most secure algorithm in the world. Nsailotlndt g sot.terh hcie eut rhw memo o r

  5. Digital Encryption Standard (DES) • A block cipher with a 56-bit key length • Acutally a 64-bit number, but every 8th bit is ignored • Operates on a 64-bit block of plain text at a time • 64 bits of plaintext come in --> 64 bits of ciphertext come out • Performs 16 rounds, where in each round • the input bits are permuted • a key is applied to the resulting permutation • The key is shifted before each round • The same algorithm and key are used for encryption and decryption, with a different key schedule

  6. Advanced Encryption Standard (AES) • A block cipher with a 128-bit block size • Key lengths of 128, 192, and 256 bits supported • Operates on a 4x4 array of bytes • Each round has four steps: • AddRoundKey (uses XOR operation with subkey) • SubBytes (Each byte is replaced based on a lookup table) • ShiftRows (bytes in each row are shifted to the left) • MixColumns (each column is multiplied by a fixed polynomial)

  7. Public Key Cryptography • A public key - private key pair are used, one for encryption and the other for decryption Public Key: n - product of two primes, p and q (p and q are secret) e - relatively prime to (p-1)(q-1) Private Key: d - e-1mod ((p-1)(q-1)) Encrypting: c = me mod n Decrypting: m = cd mod n

  8. Let p=3, q=11 • n=pq=33 • e must be relatively prime to (p-1)(q-1)=20 • choose e = 7, then d = 7-1 mod 20 = 3 • Plaintext is 3,4,2 (m1=3, m2=4, m3=2) • c1=m1e mod n = 37 mod 33 = 9 • c2 = m2e mod n = 47 mod 33 = 15 • c3 = m3e mod n = 27 mod 33 = 29 • Ciphertext is 9,15,29 • m1=c1d mod n = 93 mod 33 = 3 • m2=c2d mod n = 153 mod 33 = 4 • m3=c3d mod n = 293 mod 33 = 2 • Plaintext is 3,4,2

  9. Message Digests • A message digest is a one-way function which maps the information contained in a (small or large) file to a single large number, typically between 128 bits and 256 bits in length. • A good message digest function should have the following properties: • Every bit of the output is influenced by every bit of the input • Changing a single bit in the input results in every output bit having a 50% chance of changing • Given an input file, its corresponding digest, and the digest function, it is computationally infeasible to produce another input file which maps to the same digest

  10. Message Digest Algorithm MAC Message Hash Secret Key Block Cipher Operation of a message digest function to produce a message authentication code Message Authentication Code

  11. Message Digests (continued) • HMAC • The Hashed Message Authentication Code uses a secret key in combination with a message digest function to produce a secret message authentication code • Since an attacker doesn’t know the secret, the attacker cannot produce a correct authentication code if they alter the message in an way • SHA-1 • Developed by the NSA for use with the Digital Signature Standard

  12. Originator Transmitted Message Recipient Message Message Hash Function Hash Function Message Signature Public Key Digest Decrypt Private Key Encrypt Expected Digest Actual Digest Signature If actual and expected match, the signature is verified RSA Digital Signature

  13. Roles for Cryptography • Authentication • Digital signatures • Authorization • Distribution of lists of authorized users • Confidentiality • Information is scrambled in transit or on disk • Integrity • Digitally signed message digest codes • Non-repudiation • Cryptographic receipts

  14. Cryptography can’t: • protect unencrypted documents • protect against stolen encryption keys • protect against DOS (denial of service) • protect against traffic analysis • protect against a passerby

  15. SSL • Resides above TCP/IP on the protocol stack • Adds numerous features to TCP, including • Authentication to server (digital signature) • Authentication to client (digital signature) • Data confidentiality (encryption) • Data integrity (Message authentication codes)

More Related